Web AppScan
A Web Application Vulnerability Scan (IBM AppScan) can be used to perform an in-depth analysis of web applications to identify coding errors that could lead to an application being vulnerable to attack.
Web AppScan is part of OIT’s Vulnerability Management Program.
Web Application Scans
An OIT Security Engineer can configure a custom scan of your web application using the IBM AppScan tool.
Note: Since the scan will submit real requests to the application, you should expect (depending on your application logic) log files to grow, junk data to be inserted into the database, existing data to be updated or deleted, email notifications to be sent, and possibly database connections to hang due to connection pools running out of resources or altered SQL commands.
What is checked
- The scan performs tests to check for flaws in web application code that cause vulnerabilities.
- Light web server configuration checks can also be included.
Results
A PDF report is returned that lists the vulnerabilities found, the verification in the response (if applicable), and the remediation tasks to complete. An overview of the report is included in the first few pages.
AT A GLANCE
REQUIREMENTS
A UCI-hosted web application
COST
No additional charge