When you run the Default Settings Wizard during the Rational® AppScan® Tester
Edition setup, you can populate the AppScan database with sample data: scan
templates, server groups (based on the servers and IP addresses listed in your
AppScan license), and test policies for running security tests. You can edit
this data later in AppScan if necessary.
You can also populate the database with Rational Quality Manager-specific sample
data that lets you get up and running quickly. It also gives you an overall
sense of how you can set up your own test plans and test scripts to scan for
security vulnerabilities in your environment.
This topic provides details on the sample data that populates the database.
Sample AppScan data
- Scan templates: A scan template defines the type of scan that will
be performed and the reports that will be generated.
- Server groups: A server group is a set of targets that is tested as a unit;
the same security tests are applied to every server in the group. A server group
can be any combination of domains, URLs, and IP addresses. Because the sample
server groups are derived from your AppScan license, check them against the
hosts you are actually authorized to test before running invasive test policies.
- Test policies: A test policy is a predefined set of security tests together
with their testing configuration (for example, threat classes, noninvasive or
invasive tests, and port listener tests).
Sample Rational Quality Manager data
- Requirements: Security best practices are included as requirements.
These security requirements can be deleted if they do not apply to your specific
test case.
- Test plan: A sample security test plan, Altoro Mutual Test Plan, is based on
the Web Application Security Test Plan Template. You can use the same template
to create your own security test plans.
- Test cases: The Default Settings Wizard automatically creates three
test cases to test Web applications. These test cases can be edited as required
in Rational Quality Manager:
- Ensure that users can transfer funds between accounts
- Ensure that login works as expected
- Ensure there are no security vulnerabilities
- Test scripts: The Default Settings Wizard automatically creates
several test scripts to test Web applications:
- Transfer small amount between accounts (manual test script)
- Transfer large amount between accounts (manual test script)
- Ensure that user cannot transfer more money than is available (manual
test script)
- Basic scan of Altoro Mutual (automated test script)
- Login as Administrator (manual test script)
- Login as John Smith (manual test script)