Watchfire AppScan - University of California, Davis
Watchfire AppScan
Web Application Security Software
Omen Wild
September 2007
AppScan Overview
What is AppScan?
Software used by web developers, content managers, database administrators, and system administrators to check web applications for vulnerabilities
How is AppScan used?
AppScan can be deployed in a variety of application instances, including test, development and production
AppScan Functionality
Site crawl
Finds all linked pages
Site check
Attacks web forms
SQL Injection
Cross Site Scripting (XSS)
Buffer Overflows
Extensive reports
User Endorsement
Brian Biehle
Supports the Academic Senate
Scanned MySenate
“You also have my full endorsement of AppScan and its effectiveness to uncover areas within a site that may pose security risks. The recommendations for resolving the issues within the reports generated from the scan have been very helpful as well.”
AppScan Project Status
UC Davis purchased Watchfire AppScan per existing UCOP agreement. The agreement includes:
25 licenses for configuration, scanning and reporting features
25 licenses for computer-based training
On-site training for administrators and license holders
Hardware is in place
Working with vendor for installation and training
Implementation Plan & Estimated Timeline
October 1 – 15: Watchfire staff available for implementation planning
October 15 – November 2: Watchfire staff on-site for implementation assistance
October 22 – 26: Watchfire staff on-site for training
While this timeline may change slightly, AppScan on-site training will be completed no later than mid-November 2007
Next Steps
Finalize license distribution plan and process
Finalize training strategy and timeline
Develop and implement communication plan
Questions?