
© Copyright IBM Corp. 2015

3. On the New Scan dialog, select Regular Scan.
4. On the first page of the configuration wizard, select AppScan and click Next.
5. In the Starting URL field, enter demo.testfire.net and click Next.

Unit 4 Configuring your first scan exercises

Exercise 1 Setting up your first scan

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

6. Click the Record button.
7. Navigate the website's login and stop just after you log in successfully.
8. The demo.testfire.net login (user name/password) is jsmith/demo1234.
9. Select the default test policy and click Next.
10. Select Start a full automatic scan and click Finish.
11. Click Yes to save the scan.
12. Let the scan run.
13. When finished, save the scan for future use.

Unit 5 Reviewing the results exercises

These exercises show you how to review the results of a scan.

Exercise 1 Examining an issue to determine if it is real

1. Open the demo.testfire.net scan.
2. Select the Issues view.
3. Click Issues.
4. Expand the Cross-Site Scripting branch in the findings view.
5. Expand the demo.testfire.net/bank/login.aspx branch.
6. Click the UID parameter.
7. Read the Issue Information on the Issue Information tab.
8. Click the Request/Response tab.
9. Read the description on the right to understand what AppScan did with the test.
10. Click the yellow AB> button to jump to the two areas AppScan flagged:
    a. Returned an HTML document
    b. Returned an injected script

Exercise 2 Changing the severity of a vulnerability