IBM Security AppScan Standard V9.0

Getting Started

GI13-2874-00

Contents

Chapter 1. Installing AppScan . . . . . 1
  System requirements . . . . . 1
  Installation . . . . . 3
  Silent installation . . . . . 3
  License . . . . . 4
  Trial run . . . . . 5

Chapter 2. Basic concepts . . . . . 7
  Scan approach and scan stages . . . . . 7
  Web applications and Web Services . . . . . 7
  Main window . . . . . 8
  Workflow . . . . . 8
  Sample scans . . . . . 9

Chapter 3. Configuring a scan . . . . . 11
  Scan Expert . . . . . 11
  Manual Explore . . . . . 12

Chapter 4. Scanning . . . . . 13
  Scheduling scans . . . . . 13

Chapter 5. Processing results . . . . . 15
  Result views . . . . . 15
  Result Expert . . . . . 16
  Exporting results . . . . . 16

Chapter 6. Reports . . . . . 19

Chapter 7. Main toolbar . . . . . 21

IBM Security AppScan Standard V9.0 Notices . . . . . 23

© Copyright IBM Corp. 2000, 2014 iii

iv IBM Security AppScan Standard: Getting Started

Chapter 1. Installing AppScan

• "System requirements"
• "Installation" on page 3
• "Silent installation" on page 3
• "License" on page 4
• "Trial run" on page 5

System requirements

Minimum hardware and software requirements for running AppScan Standard.

Hardware requirements

Hardware | Minimum requirement
Processor: Core 2 Duo 2 GHz (or equivalent)
Memory: 3 GB RAM
Disk space: 30 GB
Network: 1 NIC 100 Mbps (with a configured TCP/IP network connection)

Operating system and software requirements

Software | Details
Operating system: Supported operating systems (32-bit and 64-bit versions):
• Microsoft Windows Server 2012: Essentials, Standard and Datacenter
• Microsoft Windows Server 2012 R2: Essentials, Standard and Datacenter
• Microsoft Windows Server 2008: Standard and Enterprise, SP1 and SP2
• Microsoft Windows Server 2008 R2: Standard and Enterprise (with or without SP1)
• Microsoft Windows 8.1: Pro and Enterprise
• Microsoft Windows 8: Standard, Pro and Enterprise
• Microsoft Windows 7: Enterprise, Professional and Ultimate (with or without SP1)
Browser: Microsoft Internet Explorer 8, 9, 10, 11
License management server: Rational® License Key Server 8.1.1, 8.1.2, 8.1.3, 8.1.4


Software | Details (continued)
Other: Microsoft .NET Framework 4.5
(Optional) Adobe Flash Player for Internet Explorer V10.1.102.64 or later, required to execute Flash content during exploration. Earlier versions are not supported, and some versions may require configuration; see the main User Guide for details.
(Optional) Microsoft Word 2003, 2007, 2010, 2013, used for custom report templates.
(Optional) Supported defect tracking systems:
• Rational ClearQuest® 7.1.1, 7.1.2, 8.0
• HP Quality Center 9.2, 10

Note: Clients whose machine does not hold a local license need a network connection to their license server in order to use AppScan.

Note: Running antivirus software on the same computer as AppScan may slow it down and lead to inaccurate results and performance problems. For best results, do not run antivirus software on the computer that runs AppScan.

Glass box server requirements

Glass box scanning requires the glass box agent to be installed on the application server. For more details, see the online help or the Glass Box User Guide located in the glass box folder, which by default is:

C:\Program Files (x86)\IBM\AppScan Standard\Glass box

Java platform: On the Java platform, the following server platforms and environments are supported.

Software | Details
Operating system: Supported Microsoft Windows systems (32-bit and 64-bit versions):
• Microsoft Windows Server 2012
• Microsoft Windows Server 2012 R2
• Microsoft Windows Server 2008
• Microsoft Windows Server 2008 R2
Supported Linux systems:
• Linux RHEL 5, 6, 6.1, 6.2, 6.3
• Linux SLES 10 SP4, 11 SP2
Supported UNIX systems:
• UNIX AIX® 6.1, 7.1
• UNIX Solaris 10 (SPARC)
• UNIX Solaris 11 Express®
Java™ EE container: JBoss AS 6, 7; JBoss EAP 6.1; Tomcat 6.0, 7.0; WebLogic 11; WebSphere 7.0, 8.0, 8.5, 8.5.5

.NET platform: On the .NET platform, the following systems and environments are supported:


Item | Details
Operating system: Supported operating systems (32-bit and 64-bit versions):
• Microsoft Windows Server 2012
• Microsoft Windows Server 2012 R2
• Microsoft Windows Server 2008
• Microsoft Windows Server 2008 R2
Other: Microsoft IIS 7.0 or later
Microsoft .NET Framework 4.0 or 4.5 must be installed, and IIS must be configured at that level so that the corresponding version of ASP.NET is used.

Note: The user running the application on the server must have administrator privileges.

Note: The agent should be installed on the server after the application to be tested has been installed.

Installation

The installation wizard guides you through a quick and easy process.

Procedure

1. Close any open Microsoft Office applications.

Note: If Microsoft Word 2003 or later is installed, then during installation AppScan adds its Smart Tag options to Word's Smart Tags. When you create custom report templates, this lets you insert the tags into the template. For this to work, Microsoft Word and any other Microsoft Office program that uses Smart Tags (such as Microsoft Outlook) must be closed during installation.

2. Start the AppScan installation.

The InstallShield Wizard starts and checks that your workstation meets the minimum installation requirements; the AppScan® Installation Wizard welcome screen then appears.

3. Follow the wizard's instructions to complete the AppScan installation.

Note: The installer also asks whether to install GSC (Generic Service Client). If you want to scan Web Services, GSC is required; if you will only scan web applications, GSC is not required.

Silent installation

Instructions for unattended installation from the command line.

You can install AppScan "silently" from the command line with the following parameters:

AppScan_Setup.exe /l"LanguageCode" /s /v"/qn INSTALLDIR=\"InstallPath\""

Note: If you are installing the Generic Service Client (required for scanning Web Services, but not for scanning web applications only) together with AppScan, you must run the command from the folder that contains both installer (.exe) files.


Parameter | Function

/l Language code. Options:
• English: 1033
• Chinese (Traditional): 1028
• Chinese (Simplified): 2052
• French: 1036
• German: 1031
• Italian: 1040
• Japanese: 1041
• Korean: 1042
• Portuguese (Brazilian): 1033
• Spanish: 1034

/s Runs the installation in "silent mode" (otherwise the interactive installation is started).

Note: Must be used together with /v"/qn" (see the next row).

/v Sets other MSI properties, such as the UI mode and the path where AppScan is installed.

UI mode:
For "silent mode", include /qn as a parameter (with no space before it).

Path:
If you do not specify an installation path, the default path is used: ...Program Files\IBM\AppScan Standard\
To specify another installation path, add INSTALLDIR=\"InstallPath\" as a parameter (with a space before it). The path may contain spaces.

Example:

/v"/qn INSTALLDIR=\"D:\Program Files\AppScan\""

Examples:

• To silently install the English version of AppScan in the default directory, enter:

AppScan_Setup.exe /s /v"/qn"

• To silently install the Japanese version of AppScan in the default directory, enter:

AppScan_Setup.exe /l"1041" /s /v"/qn"

• To silently install the Korean version of AppScan in D:\Program Files\AppScan\, enter:

AppScan_Setup.exe /l"1042" /s /v"/qn INSTALLDIR=\"D:\Program Files\AppScan\""

License

Describes license types, installation and management.

AppScan is installed with a default license that permits scanning of IBM's custom-designed AppScan test website (demo.testfire.net), but not of other sites. To scan your own site, you must install a valid license supplied by IBM®. Until you do, AppScan lets you load and save scans and scan templates, but will not run new scans on your site.

Rational licenses


Starting with V7.8, AppScan licenses are taken from the Rational license management tool. There are several types of license:

"Floating" license: The license is installed on an IBM Rational License Server (which may be the same machine that runs AppScan). Any machine on which AppScan is used must have a network connection to the license server. Each time a user opens AppScan, a license is checked out; when AppScan is closed, the license is checked back in.

"Token" license: The license is installed on an IBM Rational License Server (which may be the same machine that runs AppScan). Any machine on which AppScan is used must have a network connection to the license server. Each time a user opens AppScan, the required number of tokens is checked out; when AppScan is closed, the tokens are checked back in.

"Node-locked" license: The license is installed on the machine that runs AppScan. Each license is tied to a single machine.

License status

To view the license status, do the following:

• Click Help > License. The "License" dialog opens, showing the license status and the following options:

Load IBM Rational License: If you have an IBM Rational license (on your computer or on a remote server), click this button to open the AppScan License Key Administrator, from which you can load and manage licenses. Alternatively, open the program from:

..\IBM\RationalRLKS\common\licadmin8.exe

Add AppScan Enterprise License: If your organization has AppScan Enterprise licenses (which allow scanning of sites other than those permitted by the AppScan Standard license), you can import those licenses for use on the local machine.

Note: This option is available only after a complete AppScan Standard license (not the demo license) has been loaded.

View License Agreement: Click to view the license agreement.

Note: License information is also shown in the "About" dialog.

Note: If a floating or token license has been checked out but the license server later becomes unavailable, AppScan can continue to run in "disconnected mode" for a number of days. During that time you can still scan applications.

Trial run

If you have an evaluation version of AppScan (and have not yet obtained a license), you can try it out by scanning IBM's "AltoroMutual Bank" website (a site deliberately built with vulnerabilities for testing purposes). Use the following URL and login details:

URL: http://demo.testfire.net/
User name: jsmith
Password: demo1234

Note: If you are using the evaluation version of AppScan, the AltoroMutual Bank website is the only site you can scan. See "Sample scans" on page 9.


Chapter 2. Basic concepts

• "Scan approach and scan stages"
• "Web applications and Web Services"
• "Main window" on page 8
• "Workflow" on page 8

Scan approach and scan stages

An AppScan "Full Scan" consists of two stages: "Explore" and "Test". Although most of the scan process is effectively seamless for the user, and little user input is needed before the scan completes, it helps to understand the basic principles.

• "Explore" stage: In this stage, AppScan explores the site and populates the application tree. This is the "Explore" stage. AppScan analyzes the response to every request it sends, looking for anything that indicates a potential vulnerability. When AppScan receives a response that may indicate a security vulnerability, it automatically creates tests and records the validation rules (the expected results) needed to decide which results indicate a vulnerability and what its security risk level is.

• "Test" stage: In the "Test" stage, AppScan sends the thousands of custom test requests it created during the "Explore" stage. It records and analyzes the application's responses to identify security issues and rank their security risk level.

• "Scan" phases: In practice, the "Test" stage often reveals new links within the site and further potential security vulnerabilities. Therefore, after completing the first "phase" of "Explore" and "Test", AppScan automatically starts a new "phase" to handle the new information. (The default number of phases is 4.)

Web applications and Web Services

AppScan can scan web applications and Web Services.

• Web applications: For a simple application (one that contains no Web Services), you provide AppScan with the starting URL and login credentials so that it can reach and test the site. If necessary, you can also explore the site manually so that AppScan can access areas that are reached only through specific user input.

• Web Services: For a Web Service, the Generic Service Client (GSC) uses the service's WSDL file to display the available methods in a tree, and creates a user-friendly GUI for sending requests to the service. You can use this interface to enter parameters and view the results. AppScan "records" this process and uses it to create tests for the service.


Main window

The main window contains the menu bar, toolbar, view selector and three data panes: the Application tree, the Result list and the "Details" pane. When a scan is loaded, these panes are populated with its data.

View selector: Click one of the three buttons to select the type of data shown in the three main panes.

Application tree: Populated as the scan progresses. When the scan completes, the tree shows all folders, URLs and files found in the application.

Result list: Shows the results associated with the node selected in the application tree.

Details pane: Shows, on three tabs ("Advisory", "Fix Recommendation" and the complete "Request/Response"), the details of the result selected in the Result list.

Workflow

This section describes the simple workflow using the "Scan Configuration Wizard", which suits first-time users and users who want a simply configured scan. More advanced users may prefer to use the Scan Configuration dialog to configure the scan, manually explore parts of the site (to show AppScan some typical user behaviour), and then start the scan.

To scan using the wizard:

1. Select a scan template. (You can later save your changes as a new configuration.)

2. Open the "Scan Configuration Wizard" and select Web application scan or Web Service scan.

3. Use the wizard to set up the scan:

To scan an application:

a. Enter the starting URL.
b. (Recommended) Manually record the login procedure.
c. (Optional) Review the "Test Policy".

To scan a Web Service:


a. Enter the location of the WSDL file.
b. (Optional) Review the "Test Policy".
c. Use the Generic Service Client (which opens automatically) to send requests to the service; AppScan records your input and the responses received.

Note: You must send at least one request to the service so that AppScan can test it.

4. (Optional, applications only) Run Scan Expert:

a. Run Scan Expert to check whether the configuration is valid for the application being scanned.
b. Review the recommended configuration changes and choose whether to apply them.

Note: When starting a scan, you can configure Scan Expert to run its evaluation automatically and apply some of its recommendations.

5. Start the automatic scan.

6. (Optional) Run Result Expert to process the scan results and add information to the "Issue Information" tab ("Details" pane).

7. Review the results to assess the security status of the site (Result Expert can help with this), and:

• manually explore additional links
• print reports
• review remediation tasks
• log defects to your defect tracking system

Sample scans

Sample scans help you understand how AppScan is used and what scan results contain.

Three sample scans are copied to your machine when AppScan is installed. You can open them to see how they are configured and how AppScan presents the results. They are in the main AppScan Standard folder, whose default location is:

C:\Program Files (x86)\IBM\AppScan Standard

The scans are:

demo.testfire.net.scan: A scan of IBM's demo test site. You can review its configuration and results. You can also open the site, send further requests and continue the scan with the new data.

GSC_demo.testfire.scan: A Web Service scan of IBM's demo test site. You can review its configuration and results. If GSC (Generic Service Client) is installed, you can also use it to open the site, send further requests and continue the scan with the new data.

Glass_Box_Sample_Scan.scan: An example of a glass box scan of a Java application server. You can review its configuration and click individual issues to see what glass box results contain.

Note: Glass box requires access to an agent on the server of the application being scanned. Because you do not have access to the agent used for this scan, the scan cannot be continued.


Chapter 3. Configuring a scan

About this task

This section describes how to configure a complete application scan using the wizard. For details of the advanced configuration options and of Web Service scan configuration, see the main User Guide and the online help.

Procedure

1. Start AppScan.

2. On the Welcome screen, click Create New Scan.

3. In the "New Scan" dialog, verify that the "Launch wizard" checkbox is selected.

4. In the "Predefined Templates" area, click Default to use the default template. (If you are scanning one of the test sites for which AppScan has a predefined template, select that template instead: Demo.Testfire, Foundstone or WebGoat.)

5. Select Web application scan and click Next to go to the first of the four setup steps.

6. Enter the URL at which the scan should start.

Note: If you need to add other servers or domains, click Advanced.

7. Click Next to continue to the next step.

8. Select Recorded login and then click New. A message describing the login recording process appears.

9. Click OK. The embedded browser opens with the "Record" button pressed (recording in progress).

10. Browse to the login page, log in with valid credentials, and then close the browser.

11. In the "Session Information" dialog, review the login sequence and click OK.

12. Click Next to continue to the next step. In this step you can review the "Test Policy" (the set of tests used in the scan).

Note: By default, all tests except invasive tests are used.

Note: Advanced lets you control other test options, including privilege escalation (testing whether a user who should have only limited access can reach resources that require higher privileges) and multi-phase scanning.

13. By default, the In-Session Detection checkbox is selected, and the text in the displayed page that indicates an "in session" response is highlighted. During the scan, AppScan periodically sends a request and checks the response for this text to verify that it is still logged in (and logs in again if necessary). Verify that the highlighted text is a reliable indicator of a logged-in session.

14. Click Next.

15. Select the appropriate radio button to start the automatic scan, start with Manual Explore, or start later (you can start the scan later by clicking the "Scan" button on the toolbar).

16. (Optional) By default, the Scan Expert checkbox is selected, so that Scan Expert runs when the wizard completes. You can clear it to go straight to the scan.

17. Click Finish to exit the wizard.

Scan Expert

One of the options in the "Scan Configuration Wizard" is for Scan Expert, which can be directed to run a short scan that evaluates how effective the new configuration is for the particular site.


When Scan Expert runs, the Scan Expert pane opens at the bottom of the main window, and as Scan Expert explores the site, the application tree begins to appear in the pane on the left.

When the short evaluation completes, Scan Expert lists the configuration changes it believes would improve the scan. (You can review each recommendation individually, or choose to apply the recommendations automatically.)

Note: Some changes cannot be applied by Scan Expert itself, so when the automatic option is selected, some changes may not be applied.

• To run Scan Expert manually, including a short "Explore" stage (when there are no "Explore" results yet), click Scan > Run "Scan Expert Evaluation".
• To run Scan Expert manually on existing "Explore" stage results, click Scan > Run "Scan Expert Analysis" Only.
• To configure Scan Expert to run automatically before a scan starts, click Tools > Options > Preferences, then select Run Scan Expert before scan starts.
• To configure which Scan Expert modules run, click Configuration > Scan Expert.

Manual Explore

About this task

"Manual Explore" lets you browse the application yourself, clicking links and entering data. AppScan records your actions and uses that data to create tests. There are several reasons you might explore manually:

• To supplement automatic crawling (for example, where a form is displayed only when specific values are entered)
• To explore a specific user process (the URLs, files and parameters a user accesses in a particular situation)
• Because additional links were discovered during the scan and you want to add just the data needed to enable a more thorough scan

Note: After creating a "Manual Explore", you may want to continue with the automatic "Explore" step so that the scan covers your whole application.

Procedure

1. Click Scan > Manual Explore.

The embedded browser opens.

2. Browse the site, clicking links and filling in the required fields.

3. When you have finished, close the browser.

Note: You can create a Manual Explore that contains several processes by clicking Pause, browsing to another location, and then clicking Record to resume recording.

The "Explored URLs" dialog appears, listing the URLs you visited.

4. Click OK.

5. AppScan checks whether any of your input is suitable for adding to the "Automatic Form Filler" and, if so, displays the list and asks which entries you want to add; parameters you do not select are ignored.

• To add some of your input to the "Automatic Form Filler", click Add selected inputs. Then select items in the "Interactive Form Parameters" list and click Move (to move them to the "Existing Form Parameters" list). Then click OK.

6. Click OK. AppScan analyzes the loaded URLs and creates tests based on that analysis.

7. To run the new tests, click Scan > Continue Scan.


Chapter 4. Scanning

When a scan starts, the "Progress" pane appears at the bottom of the main window and, together with the status bar (at the very bottom of the main window), shows details of the scan's progress. During processing, the panes are updated with results in real time.

"Progress" pane

The Progress pane shows the current scan phase and the URL and parameter currently being tested.

If new links are discovered during the scan (and multi-phase scanning is enabled), further scan phases start automatically once the first phase completes. These phases are usually shorter than the first, because they scan only the new links. Notifications such as "Server down" may also appear in the Progress pane.

Status bar

The status bar at the bottom of the main window shows the following scan information:

• Visited pages: pages visited / total pages to visit
The initial figures reflect the pages known so far; as these are opened and further pages are discovered, both numbers may rise during each phase and then fall. When the scan ends, the two numbers should be the same.

• Tested elements: elements tested / total elements to test
The initial figures reflect the elements to be tested, which rise during the "Explore" stage of each phase. During the Test stage, the first number rises. When the scan ends, the two numbers should be the same.

• HTTP requests sent
This number covers all requests sent, including In-Session detection requests, Server-down detection requests, login requests, multi-step operations and test requests. During the scan it therefore indicates that AppScan is working, but the actual number has no particular significance, either during or after the scan.

• Security issues
The total number of security issues found, followed by the count in each category: High, Medium, Low and Informational.

Scheduling scans

You can schedule a scan to start automatically once, or at regular intervals.

Procedure

1. Click Tools > Scan Scheduler, then click New.

2. Enter a name for the schedule, then fill in the options you need:

• Select the current scan or a saved scan (if you select "Saved", browse to the required .scan file)
• Select daily, weekly, monthly or once only
• Select the date and time for the scan
• Enter the domain name and password

3. Click OK.


The schedule name then appears in the "Scan Scheduler" dialog.


Chapter 5. Processing results

• "Result views"
• "Result Expert" on page 16
• "Exporting results" on page 16

Result views

Results can be displayed in three views: "Security Issues", "Remediation Tasks" and "Application Data". You select a view by clicking its button in the view selector. The data shown in the three panes differs according to the selected view.

"Data" view: Shows information from the "Explore" stage: script parameters, unvisited URLs, visited URLs, broken links, filtered URLs, comments, JavaScript and cookies.
Application tree: The complete application tree.
Result list: Select a filter from the drop-down list in the "Result list" panel to determine which information is shown.
Details pane: Details of the item selected in the "Result list".
Unlike the other two views, the "Application Data" view is available even when AppScan has completed only the "Explore" step.
Use the drop-down list in the "Result list" panel to filter the data.

"Issues" view: Shows the actual issues found, from the high level down to the individual request/response level. This is the default view.
Application tree: The complete application tree. The counter beside each node shows the number of issues found for that node.
Result list: Lists the issues for the node selected in the application tree, together with each issue's severity.
Details pane: Shows the Advisory, Fix Recommendation and Request/Response (including all variants used) for the issue selected in the "Result list".

Tasks view: Provides a list of specific remediation tasks for fixing the issues found by the scan.
Application tree: The complete application tree. The counter beside each node shows the number of fix recommendations for that node.
Result list: Lists the remediation tasks for the node selected in the application tree, together with each task's priority.
Details pane: Shows details of the remediation task selected in the "Result list", and all the issues that the task will fix.

Severity levels

The "Result list" shows the issues for whichever node is selected in the application tree. This can be one of three levels:

• Site level: shows all issues for the site
• Page level: all issues for the page
• Parameter level: all issues for a specific request to a specific page

Each issue is assigned one of four security levels (severities):

High severity issue


Medium severity issue

Low severity issue

Informational severity issue

Note: This classification applies only to the "Issues view". In the "Remediation view", all issues below "Medium" are classified as "Low".

Note: The severity level assigned to any issue can be changed manually by right-clicking the node.

"Security Issues" tabs

In the "Security Issues" view, details of the selected issue are shown in the "Details" pane on the following four tabs:

Issue Information: A summary of the information available on the other "Details" pane tabs. Its main purpose is to show the additional information added by Result Expert. This includes the CVSS metric values for the issue and related screen captures, which can be saved with the results and included in reports.

Advisory: Technical details of the selected issue, with links to further information. What must be fixed, and why.

Fix Recommendation: The specific tasks that must be carried out to protect the web application from the selected issue.

Request/Response: Shows the specific test sent to the application and its response (viewable as HTML or in a web browser).

Variants: If variants exist (different parameters sent to the same URL), you can view them by clicking the < and > buttons on the tab panel. The two tabs to the right of this tab let you view the variant details and add screen captures that are saved with the results.

Result Expert

Result Expert is a set of modules for processing scan results. The processed results are added to the "Issue Information" tab of the "Details" pane, making the information shown more comprehensive and detailed, including screen captures where relevant.

Result Expert can be configured to run automatically after a full scan, or run manually later on full or partial scan results.

If time is limited and the number of results is large, you may prefer not to run Result Expert, or to enable only one or a few of its modules.

• To run Result Expert manually on existing results, click Scan > Run Result Expert.
• To configure Result Expert to run automatically when a scan ends, click Tools > Options > Preferences, then select Run Result Expert after scan ends.
• To configure which Result Expert modules run, click Configuration > Result Expert.

Exporting results

About this task

You can export complete scan results as an XML file, or export them to a relational database. (The database option exports the results to a Firebird database structure. This is open source and compliant with the ODBC and JDBC standards.)


Procedure

1. Click File > Export, then select XML or DB.

2. Browse to the required location, then enter a name for the file.

3. Click Save.


Chapter 6. Reports

Once AppScan has assessed your site's vulnerabilities, you can generate custom reports configured for the various people in your organization.

You can open and view reports within AppScan, and save them as files that can be opened in stand-alone applications (such as Acrobat Reader).

Icon | Name | Brief description

Security report: A report of the security issues found during the scan. The security information can be extensive and can be filtered according to your needs. Six standard templates are included, but each can be customized as required to include or exclude categories of information.

Industry Standard report: A report of the application's compliance (or non-compliance) with a selected industry committee's standard, or with your own custom checklist.

Regulatory Compliance report: A report of the application's compliance (or non-compliance) with any of a large selection of regulations or legal standards, or with your own custom "Regulatory Compliance" template.

Delta Analysis report: A "Delta Analysis" report compares two sets of scan results and shows the differences in the URLs discovered and/or the security issues found.

Template Based report: A custom report containing user-defined data in a user-defined document format (Microsoft Word .doc).

Note: The "Industry Standard" and "Regulatory Compliance" reports are not available in AppScan Developer Edition.


Chapter 7. Main toolbar

The icons on the toolbar give quick access to frequently used functions (which can also be reached from the menus).

Icon | Name | Click to:

Scan (available only once a scan has been loaded and configured): Opens the drop-down "Scan" menu, which shows the following options:
Full Scan: Starts a full scan (Explore and Test stages) or continues a paused scan.
Explore Only: Runs only the Explore stage (or continues a paused Explore), with no Test stage afterwards.
Test Only: Runs only the Test stage (or continues a paused Test), without first running the Explore stage. This button is active only when some Explore results already exist.

Pause Scan (active only while a scan is running): Pauses the current scan (whether "Full Scan", "Explore Only" or "Test Only"). You can resume the scan later. You can also save a paused scan so that it can be continued next time.

Manual Explore: Opens a browser in which you enter the application's URL and browse the site manually, filling in the required parameters as you go. When AppScan creates tests for the site, it adds this explore data to the explore data it collects automatically.

Configuration: Opens the "Scan Configuration" dialog, for configuring the scan.

Report: Creates a report from the current scan data.

Find: Finds issues. (Enabled only when the "Issues" view is selected.)

Scan Log: Shows the "Scan Log", during or after a scan. (Lists every action performed by AppScan during the scan.)

PowerTools: Opens one of the PowerTools applications supplied with AppScan, which help you with a variety of tasks.

View selector

The three icons on the right of the toolbar select one of the three views: Application Data, Security Issues and Remediation Tasks.

Icon | Name | Click to display:

Data view: The "Application Data" view.


Issues view: The "Security Issues" view.

"Tasks" view: The "Remediation Tasks" view.


IBM Security AppScan Standard V9.0 Notices

© Copyright IBM Corporation 2000, 2014.

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Programming interface information: The documented programming interfaces allow customers to write programs that obtain the services of IBM Security AppScan Standard Edition.

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.

For license inquiries regarding double-byte character set (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

Intellectual Property Licensing
Legal and Intellectual Property Law
IBM Japan, Ltd.
1623-14, Shimotsuruma, Yamato-shi
Kanagawa 242-8502 Japan

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions; therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product, and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.


Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:

Intellectual Property Dept. for Security Software
IBM Corporation
5 Technology Park Drive
Westford, MA 01886
U.S.A.

Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.

The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.

Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

COPYRIGHT LICENSE:

This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. The sample programs are provided "AS IS", without warranty of any kind. IBM shall not be liable for any damages arising out of your use of the sample programs.

Each copy or any portion of these sample programs or any derivative work must include a copyright notice as follows: © (your company name) (year). Portions of this code are derived from IBM Corp. Sample Programs. © Copyright IBM Corp. 2000, 2014.

If you are viewing this information in softcopy, the photographs and color illustrations may not appear.

Trademarks

IBM, the IBM logo, and ibm.com® are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at www.ibm.com/legal/copytrade.shtml.

Adobe is either a registered trademark or a trademark of Adobe Systems Incorporated in the United States, and/or other countries.

Intel and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.


Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation in the United States, other countries, or both.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Java and JavaScript are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

Other product and service names might be trademarks of IBM or other companies.


Printed in China

GI13-2874-00