Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
© Copyright IBM Corp. 2013
Security AppScan Standard overview
What this chapter is about
This unit provides an introduction to IBM® Security AppScan® Standard capabilities, the user interface, and ways to use it in the software development lifecycle.
IBM Security AppScan Standard Fundamentals
Objectives
After completing this unit, you should be able to perform the following tasks:
• Diagram the interactions between these components:
  - IBM Security AppScan Enterprise Server
  - IBM Security AppScan Enterprise Dynamic Analysis Scanner
  - IBM Security AppScan Source
  - Security AppScan Standard
• Describe Security AppScan Standard
• Summarize how to use Security AppScan Standard in the context of the software development lifecycle (SDLC)
Lesson 1. Defining Security AppScan Standard
Student Notebook
V7.0
Application security testing techniques
You cannot use one automated analysis technique to find all possible vulnerabilities. Each technique has its own strengths and weaknesses, which is the reason that a single-point tool is insufficient. To find the most vulnerabilities, you must employ all the analysis techniques available today.
Two of these techniques are Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST). You can use them for scans, assessments, and results analyses, as described in the following lists:
• Scans
  - DAST: Scans a running web application and requires a starting point URL. If the application requires authentication, you must supply login credentials so the scanner can reach the protected pages.
  - SAST: Scans source code and bytecode for security and quality issues and requires access to the source or bytecode.