IBM Security AppScan Standard
Contents

Chapter 1. Installing AppScan
    System requirements
    Installation
    Silent install
    License
    Test run
Chapter 2. Basic principles
    Scan steps and scan stages
    Web applications and web services
    Main window
    Workflow
    Sample scans
Chapter 3. Scan configuration
    Scan Expert
    Manual Explore
Chapter 4. Scanning
    Scheduling scans
Chapter 5. Working with results
    Result views
    Result Expert
    Exporting results
Chapter 6. Reports
Chapter 7. Toolbar
IBM Security AppScan Standard V9.0 documentation notices
© Copyright IBM Corp. 2000, 2014
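Chapter 1. Installing AppScan

• "System requirements"
• "Installation"
• "Silent install"
• "License"
• "Test run"

System requirements

A summary of the minimum hardware and software required to run AppScan Standard.

Hardware requirements

Hardware: Minimum requirements
Processor: Core 2 Duo 2 GHz (or equivalent processor)
Memory: 3 GB RAM
Disk space: 30 GB
Network: 1 NIC 100 Mbps (for network communication with configured TCP/IP)

Operating system and software requirements

Software: Details

Operating system: Supported operating systems (32-bit and 64-bit versions):
• Microsoft Windows Server 2012: Essentials, Standard and Datacenter
• Microsoft Windows Server 2012 R2: Essentials, Standard and Datacenter
• Microsoft Windows Server 2008: Standard and Enterprise, SP1 and SP2
• Microsoft Windows Server 2008 R2: Standard and Enterprise (with or without SP1)
• Microsoft Windows 8.1: Pro and Enterprise
• Microsoft Windows 8: Standard, Pro and Enterprise
• Microsoft Windows 7: Enterprise, Professional and Ultimate (with or without SP1)

Browser: Microsoft Internet Explorer 8, 9, 10, 11

License key server: Rational® License Key Server 8.1.1, 8.1.2, 8.1.3, 8.1.4

Other:
Microsoft .NET Framework 4.5
(Optional) Adobe Flash Player for Internet Explorer V10.1.102.64 or later is required to execute Flash (and to view the instructional videos in some advisories). Earlier versions are not supported, and some versions may require configuration. For details, see the main User Guide.
(Optional) For custom report templates: Microsoft Word 2003, 2007, 2010, 2013
(Optional) Supported defect tracking systems:
• Rational ClearQuest® 7.1.1, 7.1.2, 8.0
• HP Quality Center 9.2, 10

Important: Customers who do not have a local license on their machine need a network connection to their license server when using AppScan.

Important: A personal firewall running on the same computer as AppScan can block communication and result in inaccurate findings and reduced performance. For best results, do not run a personal firewall on the computer that runs AppScan.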
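Glass box server requirements

Glass box scanning requires a glass box agent to be installed on the application server. For more details, see the online help, or the Glass Box User Guide in the glass box folder, which by default is located at:
C:\Program Files (x86)\IBM\AppScan Standard\Glass box

Java platform: On Java platforms, the following server platforms and technologies are supported.

Software: Details

Operating system: Supported Microsoft Windows systems (32-bit and 64-bit versions):
• Microsoft Windows Server 2012
• Microsoft Windows Server 2012 R2
• Microsoft Windows Server 2008
• Microsoft Windows Server 2008 R2
Supported Linux systems:
• Linux RHEL 5, 6, 6.1, 6.2, 6.3
• Linux SLES 10 SP4, 11 SP2
Supported UNIX systems:
• UNIX AIX® 6.1, 7.1
• UNIX Solaris 10 (SPARC)
• UNIX Solaris 11 Express®

Java™ EE container: JBoss AS 6, 7; JBoss EAP 6.1; Tomcat 6.0, 7.0; WebLogic 11; WebSphere 7.0, 8.0, 8.5, 8.5.5

.NET platform: On the .NET platform, the following systems and technologies are supported:

Item: Details

Operating system: Supported operating systems (32-bit and 64-bit versions):
• Microsoft Windows Server 2012
• Microsoft Windows Server 2012 R2
• Microsoft Windows Server 2008
• Microsoft Windows Server 2008 R2

Other:
Microsoft IIS 7.0 or later
Microsoft .NET Framework 4.0 or 4.5 must be installed, and IIS must be configured at root level to use this version of ASP.net.

Note: When running the application on the server, the user must have administrator privileges.
Note: Install the agent on the server only after the application you want to test has been successfully installed.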
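Installation

The installation wizard guides you through this quick and simple procedure.

Procedure
1. Close any open Microsoft Office applications.
Note: If Microsoft Word 2003 or later is installed, AppScan Smart Tags are added to its Smart Tag options during installation. When you create custom report templates, these tags can be used to insert field codes. For this to happen, Microsoft Word and any other Microsoft Office programs that use tags (such as Microsoft Outlook) must be closed during installation.
2. Start the AppScan installation.
The InstallShield Wizard starts and checks that your workstation meets the minimum installation requirements. The AppScan® installation wizard Welcome screen then appears.
3. Follow the wizard instructions to complete the AppScan installation.
Note: You are asked whether to install or download GSC (Generic Service Client). GSC is needed if you will explore web services to configure a web services scan, but it is not needed if you will not scan web services.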
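Silent install

Instructions for unattended installation using the command line.

You can install AppScan "silently" using the command line and the following parameters:
AppScan_Setup.exe /l"LanguageCode" /s /v"/qn INSTALLDIR=\"InstallPath\""

Important: If, in addition to installing Rational AppScan, you also want to install Generic Service Client (required for scanning web services, but not if you scan only web applications), you must run the command line from the folder that contains both installation (.exe) files.

Parameter: Function

/l
Language code. The options are:
• English: 1033
• Chinese (Traditional): 1028
• Chinese (Simplified): 2052
• French: 1036
• German: 1031
• Italian: 1040
• Japanese: 1041
• Korean: 1042
• Portuguese: 1033
• Spanish: 1034

/s
Activates "silent mode" (otherwise the regular installation starts).
Note: Must be used together with /v"/qn" (see the next row).

/v
Sets other MSI properties, such as the UI mode and the path where AppScan will be installed.
UI mode:
For "silent mode", include /qn as a parameter (enclosed in quotation marks).
Path:
If you do not define an installation path, the installation uses the default path: ...Program Files\IBM\AppScan Standard\
To define a different installation path, add INSTALLDIR=\"InstallPath\" as a parameter (enclosed in quotation marks). The path may include spaces.
Example:
/v"/qn INSTALLDIR=\"D:\Program Files\AppScan\""

Examples:
• To silently install the English version of AppScan in the default directory, enter:
AppScan_Setup.exe /s /v"/qn"
• To silently install the Japanese version of AppScan in the default directory, enter:
AppScan_Setup.exe /l"1041" /s /v"/qn"
• To silently install the Korean version of AppScan in D:\Program Files\AppScan\, enter:
AppScan_Setup.exe /l"1042" /s /v"/qn INSTALLDIR=\"D:\Program Files\AppScan\""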
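License

A description of license types, installation and management.

The AppScan installation includes a default license that allows you to scan IBM's custom-designed AppScan test website (demo.testfire.net), but no other sites. To scan your own site, you must install a valid license provided by IBM®. Until you do this, AppScan will load and save scans and scan templates, but will not run new scans on your site.

Rational licenses

As of V7.8, AppScan licenses are downloaded from the Rational License Key Center. There are three types of license:

"Floating" licenses
These licenses are installed on the IBM Rational License Server (which can be the same machine that runs AppScan). Any machine on which AppScan is used must have a network connection to the license server. Each time a user opens AppScan, a license is checked out, and when AppScan is closed the license is checked back in.

"Token" licenses
These licenses are installed on the IBM Rational License Server (which can be the same machine that runs AppScan). Any machine on which AppScan is used must have a network connection to the license server. Each time a user opens AppScan, the required number of tokens is checked out, and when AppScan is closed the tokens are checked back in.

"Node-locked" licenses
These licenses are installed on the machine that runs AppScan. Each license is assigned to a single machine.

License status

To view the license status, do the following:
• Click Help > License. The License dialog box opens, showing the license status and the following options:

Load IBM Rational license: If you have an IBM Rational license (on your computer or on another, remote server), click here to open AppScan License Key Administrator, from which you can load and manage licenses. You can also open the program from the following location:
..\IBM\RationalRLKS\common\licadmin8.exe

Add AppScan Enterprise license: If your organization has an AppScan Enterprise license (which permits scanning sites other than those permitted by the local AppScan Standard license), you can import these permissions, in addition to your existing license, for use on the local machine.
Note: This option is available only after a full AppScan Standard license (not a demo license) has been loaded.

View license agreement: Click here to view the license agreement.

Note: You can refresh the license information shown in this dialog box by clicking the refresh icon.
Note: If a floating or token license has been verified but the license server later becomes unavailable, AppScan can run in "disconnected mode" for up to three days. During this time you can scan applications as usual.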
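Test run

If you have an evaluation copy of AppScan (that is, you have not purchased a license), you can "test run" the product by scanning IBM's "AltoroMutualBank" website (created for demonstration purposes). Use the following URL and login credentials:

URL: http://demo.testfire.net/
User name: jsmith
Password: demo1234

Note: If you are using an evaluation copy of AppScan, the AltoroMutual Bank website is the only site you can scan.
See also "Sample scans".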
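Chapter 2. Basic principles

• "Scan steps and scan stages"
• "Web applications and web services"
• "Main window"
• "Workflow"

Scan steps and scan stages

An AppScan full scan consists of two steps: Explore and Test. Although most of the scan process is effectively seamless to the user, and little user input is needed until the scan is complete, it is still helpful to understand the principles behind it.

• Explore stage: In the first stage, the site is explored and an application tree is constructed. This is the Explore stage. AppScan analyzes the response to each request it sends, looking for any indication of a potential vulnerability. When AppScan receives a response that may indicate a security vulnerability, it automatically creates tests, and records the validation rules needed to determine which results constitute a vulnerability and the level of security risk involved.
• Test stage: During the Test stage, AppScan sends the thousands of custom test requests that it created during the Explore stage. It records and analyzes the application's responses to identify security issues and rank them by level of security risk.
• Scan phases: In practice, the Test stage frequently reveals new links within the site and more potential security risks. Therefore, after completing the first "phase" of Explore and Test, AppScan automatically starts a new "phase" to deal with the new information. (The default number of phases is 4.)

Web applications and web services

AppScan can scan both web applications and web services.

• Web applications: For ordinary applications (without web services), supplying AppScan with a starting URL and login authentication credentials may be enough for it to test the site. If necessary, you can also explore the site manually, so that AppScan can access areas that can be reached only through specific user input.
• Web services: For web services, the integrated Generic Service Client (GSC) uses the service's WSDL file to display the individual methods available in a tree format, and creates a user-friendly GUI for sending requests to the service. You can use this interface to enter parameters and view the results. The process is "recorded" by AppScan and used to create tests for the service.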
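Main window

The main screen includes a menu bar, a toolbar, a view selector, and three data panes: the application tree, the Result list, and the Detail pane. The following figure shows the main screen populated with data from a scan.

View selector: Click one of the three buttons to select the type of data shown in the three main panes.
Application tree: The application tree is populated as the scan progresses. When the scan is complete, the tree shows all the folders, URLs and files found in the application.
Result list: Shows the results relevant to the node selected in the application tree.
Detail pane: Shows, in three tabs (Advisory, Fix Recommendation, and the full Request/Response), the details relevant to the node selected in the Result list.

Workflow

This section describes a simple workflow using the Scan Configuration Wizard, which is best suited to new users or to users configuring scan templates. More advanced users may prefer to use the Scan Configuration dialog box to configure their scans, manually explore some of the site (to show AppScan some typical user behavior), and then start the scan.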
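To scan using the wizard:
1. Select a scan template. (You can adjust the configuration later as required.)
2. Open the Scan Configuration Wizard and select Web Application Scan or Web Service Scan.
3. Use the wizard to set up the scan:
To scan an application:
a. Enter the starting URL.
b. (Recommended) Perform the login procedure manually.
c. (Optional) Review the Test Policy.
To scan a web service:
a. Enter the location of the WSDL file.
b. (Optional) Review the Test Policy.
c. Use Generic Service Client (the client opens automatically) to send requests to the service, while AppScan records your input and the responses received.
Note: You must send at least one request to the service so that AppScan can test it.
4. (Optional, applications only) Run Scan Expert:
a. Run Scan Expert to review whether the configuration is effective for the application you are scanning.
b. Review the suggested configuration changes and selectively apply them.
Note: You can configure Scan Expert to perform its analysis automatically and apply some of its recommendations when you start a scan.
5. Start an automatic scan.
6. (Optional) Run Result Expert to process the scan results and add information to the Issue Information tab (Detail pane).
7. Review the results to assess the security status of the site (Result Expert can help you with this), and to:
• Manually explore additional links
• Print reports
• Review remediation tasks
• Log defects to your defect tracking system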
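Sample scans

Sample scans can help you get a feel for how AppScan is used and what scan results contain.

Three sample scans are saved to your machine when AppScan is installed. You can open these scans to see how they were configured and how results appear in AppScan. They are located in the main AppScan Standard folder, whose default location is:
C:\Program Files (x86)\IBM\AppScan Standard

The scans include:

demo.testfire.net.scan
This is a scan of the AppScan demo test site. You can review the configuration and the results. You can also send further requests to the site and continue the scan with the new data.

GSC_demo.testfire.scan
This is a web service scan of the AppScan demo test site. You can review the configuration and the results. If GSC (Generic Service Client) is installed, you can also send further requests to the site and continue the scan with the new data.

Glass_Box_Sample_Scan.scan
This is an example of a glass box scan of a Java application server. You can review the configuration, or drill down to individual issues to see what glass box results contain.
Note: Glass box scanning requires access to the agent on the server of the application being scanned. You do not have access to the agent used for this scan, so the scan cannot be continued.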
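Chapter 3. Scan configuration

About this task
This section describes how to use the wizard to configure a standard application scan. For details of advanced configuration methods and of web service scan configuration, see the main User Guide and the online help.

Procedure
1. Start AppScan.
2. On the Welcome screen, click Create New Scan.
3. In the New Scan dialog box, verify that the Launch wizard check box is selected.
4. In the Predefined Templates area, click Default to use the default template. (If you are using AppScan to scan one of the test sites that has a dedicated predefined template, select that template: Demo.Testfire, Foundstone or WebGoat.)
5. Select Web Application Scan and click Next to proceed to the first of the three setup steps.
6. Enter the URL at which the scan is to start.
Note: If you need to add other servers or domains, click Advanced.
7. Click Next to continue to the next step.
8. Select Recorded Login, then click New. A message appears describing the procedure for recording a login.
9. Click OK. The embedded browser opens, with the Record button pressed (gray).
10. Browse to the login page, record a valid login sequence, then close the browser.
11. In the Session Information dialog box, review the login sequence and click OK.
12. Click Next to continue to the next step. In this step you can review the Test Policy that will be used for the scan (that is, which categories of test will be used in the scan).
Note: By default, all tests except invasive tests are used.
Note: The Advanced button also lets you control other test options, including privilege escalation (testing the extent to which users can access privileged resources when they do not have sufficient access privileges) and multiphase scanning.
13. By default the In-Session Detection check box is selected, and the text that indicates that a response is "in-session" is highlighted. During the scan AppScan sends heartbeat requests and checks the responses for this text, to verify that it is still logged in (and to log in again when necessary). Verify that the highlighted text does indeed prove a valid session.
14. Click Next.
15. Select the appropriate radio button to start an automatic scan, start with Manual Explore, or start later (you can start the scan later by clicking the Start icon on the toolbar).
16. (Optional) By default the Scan Expert check box is selected, so that Scan Expert runs when you complete the wizard. You can clear this selection to proceed directly to the scan step.
17. Click Finish to exit the wizard.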
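Scan Expert

One of the options in the Scan Configuration Wizard applies to Scan Expert: you can instruct it to run a short scan to evaluate the efficiency of the new configuration for the particular site.

When you run Scan Expert, the Scan Expert panel opens at the top of the screen, and as Scan Expert explores the site the application tree begins to appear in the left pane.

At the end of the short evaluation, Scan Expert suggests configuration changes that you can accept or reject. (You can view each recommendation individually, or choose to apply the recommendations automatically.)

Note: Some changes cannot be applied by Scan Expert and must be applied manually, so when you select the automatic option some changes may not be applied.

• To run Scan Expert manually, with a short Explore stage (if there are no Explore results yet), click Scan > Run Scan Expert Evaluation.
• To run Scan Expert manually on existing Explore stage results, click Scan > Run Scan Expert Analysis Only.
• To configure Scan Expert to run automatically before a scan starts, click Tools > Options > Preferences, then select Run Scan Expert before scan starts.
• To configure which Scan Expert modules are run, click Configuration > Scan Expert.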
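Manual Explore

About this task
Manual Explore lets you browse the application yourself, clicking links and entering data. AppScan records your actions and uses the data to create tests. There are three possible reasons why you may want to explore manually:
• To pass anti-automation mechanisms (such as a requirement to type a random word that is displayed as an image)
• To explore a specific user process (the URLs, files and parameters that a user would access in a given situation)
• Because interactive links were discovered during the scan, and you want to fill in the required data to enable a more thorough scan

Note: After creating a Manual Explore, you may want to continue with an automatic Explore step, so that the scan covers your entire application.

Procedure
1. Click Scan > Manual Explore.
The embedded browser opens.
2. Browse the site, clicking links and filling in fields as required.
3. When you have finished, close the browser.
Note: You can create a Manual Explore that comprises more than one procedure by clicking Pause, browsing to a different location, and then clicking Record to resume recording.
The Explored URLs dialog box appears, showing the URLs you visited.
4. Click OK.
5. AppScan checks whether any of your input is suitable to add to the Automatic Form Filler, displays a list, and asks whether you want to add all, none, or selected parameters.
• If you want to add some of the input to the Automatic Form Filler, click Add selected input. Then select items in the Temporary form parameters list and click Move (to move them to the Existing form parameters list). Then click OK.
6. Click OK. AppScan analyzes the explored URLs and creates tests based on that analysis.
7. To run the new tests, click Scan > Continue Scan.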
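Chapter 4. Scanning

When the scan starts, the Progress panel appears at the top of the screen and, together with the status bar (at the bottom of the screen), shows details of the scan's progress. As processing continues, the panes are populated with real-time results.

Progress panel

The Progress panel shows the current stage of the scan, and the URL and parameter being tested.
If new links are discovered during the scan (and multiphase scanning is enabled), additional scan phases start automatically when the previous phase is complete. A new phase may be much shorter than the previous one, because only the new links are scanned. Alerts, such as "Server Down", may also appear on the Progress panel.

Status bar

The status bar at the bottom of the screen shows the following scan information:
• Visited pages: number of pages visited / total number of pages to be visited
As pages are discovered, and some are then rejected because they do not need to be scanned, the second number may increase during the scan and then decrease. At the end of the scan the two numbers should be equal.
• Tested elements: number of elements tested / total number of elements to be tested
As elements to be tested are discovered, the second number increases during the Explore stage. During the Test stage the first number increases. At the end of the scan the two numbers should be equal.
• HTTP requests sent
This number represents all requests sent, including in-session detection requests, server-down detection requests, login requests, multistep operations and test requests. During the scan it is therefore an indicator that AppScan is working, but neither during nor after the scan does the actual number have any particular significance.
• Security issues
The total number of security issues found, followed by the number in each category: High, Medium, Low and Informational.

Scheduling scans

You can schedule a scan to start automatically, once or at regular intervals.

Procedure
1. Click Tools > Scan Scheduler, then click New.
2. Enter a name for the schedule, then fill in the options you require:
• Select Current scan or Saved scan (if you select Saved, browse to the required .scan file)
• Select daily, weekly, monthly, or once only
• Select a date and time for the scan
• Enter the domain name and password
3. Click OK.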
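Chapter 5. Working with results

• "Result views"
• "Result Expert"
• "Exporting results"

Result views

Results can be displayed in three views: Security Issues, Remediation Tasks and Application Data. The view is selected by clicking a button in the view selector. The data displayed in the three panes varies with the view selected.

Data view
Shows script parameters, interactive URLs, visited URLs, broken links, filtered URLs, comments, JavaScripts and cookies from the Explore stage.
Application tree: The complete application tree.
Result list: Select a filter from the pop-up list at the top of the Result list to determine which information is displayed.
Detail pane: Details of the item selected in the Result list.
Unlike the other two views, the Application Data view is available even if AppScan has completed only the Explore step. Use the pop-up list at the top of the Result list to filter the data.

Issues view
Shows the actual issues discovered, from overview level down to individual request/response level. This is the default view.
Application tree: The complete application tree. A counter next to each item shows the number of issues found for that item.
Result list: Lists the issues for the node selected in the application tree, and the severity of each issue.
Detail pane: Shows the advisory, fix recommendation and request/response (including all variants used) for the issue selected in the Result list.

Tasks view
Provides a task list of specific remediation tasks, to fix the issues found by the scan.
Application tree: The complete application tree. A counter next to each item shows the number of fix recommendations for that item.
Result list: Lists the remediation tasks for the node selected in the application tree, and the priority of each task.
Detail pane: Shows details of the remediation task selected in the Result list, and all the issues that this remediation will resolve.

Severity levels

The Result list displays the issues for whichever item is selected in the application tree. These can be at the following levels:
• Root level: all site issues are displayed
• Page level: all issues for the page
• Parameter level: all issues for a specific request to a specific page

Each issue is assigned one of the following security levels (four in all):
High security issues
Medium security issues
Low security issues
Informational security issues

Note: This category applies only to the Issues view. In the Remediation view, all issues below Medium are classified as Low.
Note: The severity level assigned to any issue can be changed manually by right-clicking the node.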
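Security Issues tabs

In the Security Issues view, the vulnerability details of the selected issue are shown in the Detail pane, on the following four tabs:

Issue Information: A summary of the information available on the other Detail pane tabs. Its main purpose is to display the additional information added by Result Expert. This information includes CVSS metric scores for the issue and relevant screen shots, which can be saved with the results and included in reports.
Advisory: Technical details of the selected issue, and links to more information. What must be fixed, and why.
Fix Recommendation: The specific tasks that should be done to secure the web application against the specific issue selected.
Request/Response: Shows the specific tests that were sent to the application and its responses (which can be viewed as HTML or in a web browser).
Variants: If there are variants (different parameters sent to the same URL), they can be viewed by clicking the < and > buttons at the top of the tab.
Two tabs at the right side of this tab let you view variant details and add screen shots to be saved with the results.

Result Expert

Result Expert consists of various modules that are used to process scan results. The processed results are added to the Issue Information tab of the Detail pane, making the information displayed more comprehensive and detailed, including screen shots where relevant.

Result Expert can be configured to run automatically after a full scan, or it can be run manually at any time on full or partial scan results. If time is limited and the number of results is large, you may prefer not to run Result Expert, or to disable one or more of its modules.

• To run Result Expert manually on existing results, click Run > Result Expert.
• To configure Result Expert to run automatically when a scan ends, click Tools > Options > Preferences, then select Run Result Expert after scan ends.
• To configure which Result Expert modules are run, click Configuration > Result Expert.

Exporting results

About this task
You can export the complete scan results as an XML file, or as a relational database. (The database option exports the results into a Firebird database structure. This is open source, and follows ODBC and JDBC standards.)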
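Chapter 6. Reports

After AppScan has assessed your site's vulnerabilities, you can generate custom reports configured for the various personnel in your organization.
You can open and view reports within AppScan, and save them as files that can be opened in third-party applications (such as Acrobat Reader).

Name: Short description

Security report: A report of the security issues found during the scan. Security information may be very extensive, and can be filtered according to your needs. Six standard templates are included, but each can easily be adjusted as needed to include or exclude categories of information.
Industry Standard report: A report of your application's compliance (or non-compliance) with a selected industry committee, or with your own custom standards checklist.
Regulatory Compliance report: A report of your application's compliance (or non-compliance) with a wide selection of regulations or legal standards, or with your own custom Regulatory Compliance template.
Delta Analysis report: The Delta Analysis report compares two sets of scan results and shows the differences in the URLs and/or security issues discovered.
Template Based report: A custom report containing user-defined data and user-defined document formatting (in Microsoft Word .doc format).

Note: The Industry Standard and Regulatory Compliance reports are not available in AppScan Developer Edition.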
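Chapter 7. Toolbar

The icons on the toolbar provide quick access to commonly used features (which can also be accessed from the menus).

Name: Click to:

Scan: (Available only once a scan has been loaded and configured.) Opens a short Scan menu, showing the following options:
Full Scan: Starts a full scan (Explore and Test stages), or continues a paused scan.
Explore Only: Runs the Explore stage only (or continues a paused Explore), without following it with the Test stage.
Test Only: Runs the Test stage only (or continues a paused Test), without first running the Explore stage. This button is active only if some Explore results already exist.

Pause Scan: (This button is active only while a scan is running.) Pauses the current scan (whether Full Scan, Explore Only or Test Only).
You can resume the scan later. You can also save a paused scan, so that you can continue it another time.

Manual Explore: Opens a browser so that you can enter the application URL and browse the site manually, filling in the required parameters as you go. Later, when AppScan creates tests for the site, it adds this Explore data to the Explore data that it collected automatically itself.

Configuration: Opens the Scan Configuration dialog box, to configure the scan.
Report: Creates reports using the current scan data.
Find: Searches for issues. (Enabled only when the Issues view is selected.)
Scan Log: Shows the Scan Log, during or after the scan. (Lists all the actions performed by AppScan that occurred during the scan.)
PowerTool: Opens one of the PowerTool applications supplied with AppScan, to help you with various tasks.

View selector

The three icons at the right side of the toolbar switch between the three views: Application Data, Security Issues and Remediation Tasks.

Name: Click to display:
Data view: The Application Data view.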
IBM Security AppScan Standard V9.0 documentation notices
© Copyright IBM Corporation 2000, 2014.