Watchfire AppScan - University of California, Davis


Watchfire AppScan
Web Application Security
Software
Omen Wild
September 2007
AppScan Overview

What is AppScan?

Software used by web developers, content managers, database administrators, and system administrators to check web applications for vulnerabilities.

How is AppScan used?

AppScan can be deployed in a variety of application instances, including test, development and production.
AppScan Functionality

Site crawl
- Finds all linked pages

Site check
- Attacks web forms
  - SQL Injection
  - Cross Site Scripting (XSS)
  - Buffer Overflows

Extensive reports
User Endorsement

Brian Biehle
- Supports the Academic Senate
- Scanned MySenate

“You also have my full endorsement of AppScan and its effectiveness to uncover areas within a site that may pose security risks. The recommendations for resolving the issues within the reports generated from the scan have been very helpful as well.”

AppScan Project Status

UC Davis purchased Watchfire AppScan per the existing UCOP agreement. The agreement includes:
- 25 licenses for configuration, scanning and reporting features
- 25 licenses for computer-based training
- On-site training for administrators and license holders

Hardware is in place. Working with the vendor for installation and training.
Implementation Plan & Estimated Timeline

- October 1 – 15: Watchfire staff available for implementation planning
- October 15 – November 2: Watchfire staff on-site for implementation assistance
- October 22 – 26: Watchfire staff on-site for training

While this timeline may change slightly, AppScan on-site training will be completed no later than mid-November 2007.
Next Steps

- Finalize license distribution plan and process
- Finalize training strategy and timeline
- Develop and implement communication plan

Questions?