Configuring the integration between IBM Security AppScan Tester Edition and Engineering Test Management

As you set up the integration between IBM® Security AppScan® Tester Edition and Engineering Test Management, you use a wizard to install sample data and configure communication between the products.

Before you begin

In IBM Security AppScan Tester Edition, you must run the Configuration wizard. When the wizard is completed, make sure that the Launch Default Settings Wizard check box is selected.

About this task

Organizations use IBM Security AppScan Tester Edition to distribute the responsibility for security testing among multiple stakeholders and to test for vulnerabilities, such as cross-site scripting, buffer overflows, and SQL injection, early in the web application delivery lifecycle. When Engineering Test Management is integrated with IBM Security AppScan Tester Edition, you can run security tests directly from Engineering Test Management.

Procedure

  1. On the Welcome page, from the list, select Integrate with Rational Quality Manager and then click Next. Scan templates, test policies, and server groups are created for Engineering Test Management users.
  2. In the Default Setting window, configure the options for IBM Security AppScan Tester Edition.
    1. Select the instance name that this setup is for; for example, ASE. By default, the instance that was configured in the Configuration wizard is selected.
    2. Enter the name of a point of contact for the items that the wizard created. If necessary, you can edit the items later. By default, the contact name is the service account for the selected instance.
    3. Enter a name for the default root folder. The default folder is the root folder for all other folders that you create.
    4. Enter the URL to access IBM Security AppScan Tester Edition; then, click Next. The URL is in this format: http://myserver/mydomain/appscan/. By default, the application URL is the current computer's FQDN (fully qualified domain name).
  3. If you use an LDAP server with IBM Security AppScan Tester Edition, on the LDAP Settings page, select the Enable LDAP check box.
    1. In the Server Name field, enter the LDAP group name.
    2. In the Group Query field, enter the path of the group query that is used to retrieve user group information. You can use an LDAP server or an Active Directory server.
    3. Optional: If you want to integrate with the LDAP server by using anonymous access, select the Anonymous access check box. By default, this option is disabled.
    4. Click Test LDAP to confirm that the configuration works.
  4. On the IP Security Permissions page, configure the IP addresses and ranges that are permitted for scanning. Use a dash to define IPv4 ranges; for example, 1.2.3.4–. Use a prefix to define IPv6 ranges; for example, fe80::/10.
  5. On the Populate Database with Sample Data page, select the Populate Sample Data check box. The IBM Security AppScan Tester Edition database is populated with scan templates, server groups that are based on the servers and IP addresses that are listed in your IBM Security AppScan Tester Edition license, and test policies for running security tests. If necessary, you can edit this data later in IBM Security AppScan Tester Edition.
  6. Optional: Select the Install RQM Sample Data check box and then click Next. Engineering Test Management is populated with a sample test plan, test cases, and test scripts. The sample data provides an example of how to create security test plans for your environment.
  7. In the Engineering Test Management settings window, configure several options.
    1. Enter the server name where Engineering Test Management is located.
    2. Enter the HTTP port for the server where Engineering Test Management is located. The default port is 9080.
    3. Enter the HTTPS port for the server where Engineering Test Management is located. The default port is 9443.
    4. Enter your user name for Engineering Test Management. This account is used for defect tracking.
    5. Enter the password for Engineering Test Management. The password is case-sensitive.
    6. Enter the relevant project area. The default is Quality Manager.
    7. Click Test Connection to verify that the communication between IBM Security AppScan and Engineering Test Management works, and then click Next.
  8. The IBM Security AppScan Enterprise Integration page configures the Quality Management (QM) server to connect back to IBM Security AppScan Tester Edition. Several settings are already configured, but you must configure a few.
    1. Enter the SQL Server host name or IP address where IBM Security AppScan Tester Edition is located.
    2. To use Windows authentication to access the SQL Server where IBM Security AppScan Enterprise is located, select Use Windows Authentication. Windows authentication is available only if Engineering Test Management is installed on a Windows operating system. The account under which QM server runs must also have permission to access the IBM Security AppScan Tester Edition database. For a list of the database roles, see the IBM Security AppScan Enterprise documentation.
    3. To use SQL authentication to access the SQL Server where IBM Security AppScan Tester Edition is located, select Use SQL Authentication. Then, in the SQL DB User and SQL DB Password fields, enter the user name and password for the IBM Security AppScan Tester Edition database. For a list of the database roles, see the IBM Security AppScan Enterprise documentation.
      Note: By default, SQL Server 2005 is installed with Windows authentication only. Before you continue, make sure that the SQL Server is configured to allow SQL Server or mixed-mode authentication.
  9. To verify that Engineering Test Management can connect with IBM Security AppScan Tester Edition, click Test AppScan Connection and then click Next. The Default Settings Wizard Progress page opens, displaying the setup progress.

    By default, all users are given access to all server groups and test policies. You can define more granular security permissions on the Users and Groups page of the Administration tab in IBM Security AppScan Tester Edition.

  10. If errors occurred, click the link to view the log file. When you are finished, click Exit to close the wizard.
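
The IP Security Permissions page in step 4 takes dash-delimited IPv4 ranges and prefix-notation IPv6 ranges. The following added example (not IBM code) parses a list written in those two forms so that you can review how broad each entry is and confirm whether a planned scan target falls inside it before you enter the list in the wizard. The start-end dash syntax and the 192.0.2.x sample range are assumptions constructed for illustration; fe80::/10 is the example from the page.

```python
import ipaddress

# Constructed sample list; only fe80::/10 comes from the page.
PERMITTED = ["192.0.2.10-192.0.2.20", "fe80::/10"]

def parse_entry(entry):
    """Return the (first, last) addresses covered by one permitted entry."""
    entry = entry.strip().replace("\u2013", "-")  # tolerate a typographic dash
    if "/" in entry:
        # Prefix form, which the page documents for IPv6 only.
        net = ipaddress.ip_network(entry, strict=False)
        if net.version != 6:
            raise ValueError(f"prefix form is documented for IPv6 only: {entry!r}")
        return net.network_address, net.broadcast_address
    if "-" in entry:
        # Dash form for IPv4, read here as inclusive start-end (assumed syntax).
        start_s, end_s = entry.split("-", 1)
        start = ipaddress.IPv4Address(start_s.strip())
        end = ipaddress.IPv4Address(end_s.strip())
        if start > end:
            raise ValueError(f"range start is after range end: {entry!r}")
        return start, end
    addr = ipaddress.ip_address(entry)  # a single permitted address
    return addr, addr

def range_size(entry):
    """Number of addresses an entry opens up for scanning."""
    first, last = parse_entry(entry)
    return int(last) - int(first) + 1

def is_permitted(target, entries):
    """True if the target address falls inside any permitted entry."""
    addr = ipaddress.ip_address(target)
    for entry in entries:
        first, last = parse_entry(entry)
        # Compare only addresses of the same IP version.
        if first.version == addr.version and first <= addr <= last:
            return True
    return False

if __name__ == "__main__":
    for e in PERMITTED:
        print(f"{e}: {range_size(e)} addresses")
    for t in ("192.0.2.15", "192.0.2.21", "fe80::1", "2001:db8::1"):
        print(t, "permitted" if is_permitted(t, PERMITTED) else "NOT permitted")
```
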
