Configuring the integration between Rational AppScan Tester Edition and Rational Quality Manager

As you set up the integration between Rational® AppScan® Tester Edition and IBM® Rational Quality Manager, you use a wizard to install sample data and configure communication between the products.

Before you begin

In Rational AppScan Tester Edition, you must run the Configuration wizard. When the wizard is completed, make sure that the Launch Default Settings Wizard check box is selected.

About this task

Organizations use Rational AppScan Tester Edition to distribute the responsibility for security testing among multiple stakeholders and to test for vulnerabilities, such as cross-site scripting, buffer overflows, and SQL injection early in the web application delivery lifecycle. When Rational Quality Manager is integrated with AppScan Tester Edition, you can run security tests directly from Rational Quality Manager.

Procedure

  1. On the Welcome page, from the list, select Integrate with Rational Quality Manager and then click Next. Scan templates, test policies, and server groups are created for Rational Quality Manager users.
  2. In the Default Setting window, configure the options for Rational AppScan Tester Edition.
    1. Select the instance name that this setup is for; for example, ASE. By default, the instance that was configured in the Configuration wizard is selected.
    2. Enter the name or a point of contact for the items that the wizard created. If necessary, you can edit the items later. By default, the contact name is the service account for the selected instance.
    3. Enter a name for the default root folder. The default folder is the root folder for all other folders that you create.
    4. Enter the URL to access Rational AppScan Tester Edition; then, click Next. The URL is in this format: http://myserver/mydomain/appscan/. By default, the application URL is the current computer's FQDN (fully qualified domain name).
  3. If you use an LDAP server with Rational AppScan Tester Edition, on the LDAP Settings page, select the Enable LDAP check box.
    1. In the Server Name field, enter the LDAP group name.
    2. In the Group Query field, enter the path of the group query that is used to retrieve user group information. You can use an LDAP server or an Active Directory server.
    3. Optional: If you want to integrate with the LDAP server by using anonymous access, select the Anonymous access check box. By default, this option is disabled.
    4. Click Test LDAP to confirm that the configuration works.
  4. On the IP Security Permissions page, configure the IP addresses and ranges that are permitted for scanning. Use a dash to define IPv4 ranges; for example, 1.2.3.4–. Use a prefix to define IPv6 ranges; for example, fe80::/10.
  5. On the Populate Database with Sample Data page, select the Populate Sample Data check box. The Rational AppScan Tester Edition database is populated with scan templates, server groups that are based on the servers and IP addresses that are listed in your Rational AppScan Tester Edition license, and test policies for running security tests. If necessary, you can edit this data later in Rational AppScan Tester Edition.
  6. Optional: Select the Install RQM Sample Data check box and then click Next. Rational Quality Manager is populated with a sample test plan, test cases, and test scripts. The sample data provides an example of how to create security test plans for your environment.
  7. In the Rational Quality Manager Settings window, configure several options.
    1. Enter the server name where Rational Quality Manager is located.
    2. Enter the HTTP port for the server where Rational Quality Manager is located. The default port is 9080.
    3. Enter the HTTPS port for the server where Rational Quality Manager is located. The default port is 9443.
    4. Enter your user name for Rational Quality Manager. This account is used for defect tracking.
    5. Enter the password for Rational Quality Manager. The password is case-sensitive.
    6. Enter the relevant project area. The default is Quality Manager.
    7. Click Test Connection to verify that the communication between AppScan and Rational Quality Manager works, and then click Next.
  8. The IBM Security AppScan Enterprise Integration page configures the Quality Management (QM) server to connect back to Rational AppScan Tester Edition. Several settings are already configured, but you must configure a few.
    1. Enter the SQL Server host name or IP address where Rational AppScan Tester Edition is located.
    2. To use Windows authentication to access the SQL Server where IBM Security AppScan Enterprise is located, select Use Windows Authentication. Windows authentication is available only if Rational Quality Manager is installed on a Windows operating system. The account under which QM server runs must also have permission to access the Rational AppScan Tester Edition database. For a list of the database roles, see the IBM Security AppScan Enterprise documentation.
    3. To use SQL authentication to access the SQL Server where Rational AppScan Tester Edition is located, select Use SQL Authentication. Then, in the SQL DB User and SQL DB Password fields, enter the user name and password for the Rational AppScan Tester Edition database. For a list of the database roles, see the IBM Security AppScan Enterprise documentation.
      Note: By default, SQL Server 2005 is installed with Windows authentication only. Before you continue, make sure that the SQL Server is configured to allow SQL Server or mixed-mode authentication.
  9. To verify that Rational Quality Manager can connect with Rational AppScan Tester Edition, click Test AppScan Connection and then click Next. The Default Settings Wizard Progress page opens, displaying the setup progress.

    By default, all users are given access to all server groups and test policies. You can define more granular security permissions on the Users and Groups page of the Administration tab in Rational AppScan Tester Edition.

  10. If errors occurred, click the link to view the log file. When you are finished, click Exit to close the wizard.
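
The scan allow-list from step 4 can be reviewed before it is typed into the IP Security Permissions page. The following Python sketch is an added example, not part of the product or its documentation: it parses IPv4 dash ranges, IPv6 prefixes, and single addresses, flags malformed or very wide entries, and checks whether a target is in scope. The function names, the sample entries, and the 1024-address width threshold are assumptions made for illustration.

```python
import ipaddress

SAMPLE_ENTRIES = [  # constructed sample allow-list, not from the page
    "192.0.2.10-192.0.2.50",    # IPv4 dash range
    "fe80::/10",                # IPv6 prefix, as in step 4
    "198.51.100.7",             # single address
    "192.0.2.4-",               # range with no end address: malformed
    "10.0.0.0-10.255.255.255",  # parses, but far wider than one test scope
]

def parse_entry(entry):
    """Return (first, last) address of one entry; raise ValueError if malformed."""
    text = entry.strip()
    if "/" in text:
        net = ipaddress.ip_network(text, strict=False)
        if net.version != 6:
            # Assumption: step 4 documents prefixes for IPv6 only.
            raise ValueError("prefix notation is documented for IPv6 only")
        return net[0], net[-1]
    if "-" in text:
        start, _, end = text.partition("-")
        first = ipaddress.IPv4Address(start.strip())
        last = ipaddress.IPv4Address(end.strip())  # empty end raises ValueError
        if last < first:
            raise ValueError("range end precedes range start")
        return first, last
    addr = ipaddress.ip_address(text)
    return addr, addr

def review(entries, max_ipv4_hosts=1024):
    """Return (parseable entries, [(entry, problem)]) for a pre-entry review."""
    valid, problems = [], []
    for entry in entries:
        try:
            first, last = parse_entry(entry)
        except ValueError as exc:
            problems.append((entry, str(exc)))
            continue
        valid.append(entry)
        size = int(last) - int(first) + 1
        if first.version == 4 and size > max_ipv4_hosts:
            problems.append((entry, f"{size} addresses exceeds {max_ipv4_hosts}"))
    return valid, problems

def in_scope(target, entries):
    """True if target lies inside any entry (entries must already parse)."""
    addr = ipaddress.ip_address(target)
    return any(first.version == addr.version and first <= addr <= last
               for first, last in map(parse_entry, entries))
```

Run `review()` on the planned list first, then pass only the parseable entries to `in_scope()` to confirm that each intended scan target is covered and that nothing outside the authorized range is.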
