ibm maximo asset management · web viewsolution setup or administration documentation, or a portion...
TRANSCRIPT
IBM® Security Systems Division
Ready for IBM Security IntelligenceValidation requirements document for
IBM Security AppScan Family
Please visit the Ready for IBM Security Intelligence software validation site for assistance, enablement support, and current copy of this document:
http://www.ibm.com/partnerworld/rfisi
Validated solution integrations and extensions can be found in the Ready for IBM Security Intelligence Showcase
http://www.ibm.com/partnerworld/rfisisolutions
Send documents to [email protected], “Ready for IBM Security Intelligence” in subject line.
Document Version 3
Table of Contents
Introduction.................................................................3Items required to complete validation.........................4Validation contact information....................................5Solution to be validated...............................................6
Solution overview...................................................................................................................................6Integration requirements....................................................................................................7
Architecture and overview......................................................................................................................7Solution integration details.................................................................................................8Integration exceptions........................................................................................................9Resources.........................................................................................................................10
Validation Requirements Document Page 2 of 11 IBM Security AppScan Family
Introduction
Ready for IBM Security Intelligence program validates partner integrations with IBM Security software and represents the solution integrations in the IBM Security section of the Ready for IBM Security Intelligence Showcase. This includes partners working to complete Industry Frameworks, Solution Initiatives, and Specialties or other offerings with a dependency on validating integrations with IBM Security Software.
This document provides the steps and validation requirements for demonstrating integrations with the IBM Security AppScan family of products. A brief overview of the integration points are provided, along with the testing, documentation and demonstration results needed to verify and validate the solution integration.
Reference the following resources for assistance. For further assistance contact our IBM Security AppScan validation specialist Dan Schofield, [email protected]
Ready for IBM Security Intelligence ResourcesReady for IBM Security Intelligence - Home
http://www.ibm.com/partnerworld/rfisi
Getting Started with the Ready for IBM Security Intelligence program
https://www.ibm.com/partnerworld/wps/servlet/ContentHandler/isv_com_dvm_techval_security_start
Ready for IBM Security Intelligence integration points and resources
https://www.ibm.com/partnerworld/wps/servlet/ContentHandler/isv_com_dvm_techval_security_integration
Ready for IBM Security Intelligence DeveloperWorks Homepage
http://ibm.co/rfisi
Ready for IBM Security Intelligence Message Board
https://www.ibm.com/developerworks/mydeveloperworks/groups/service/forum/topics?communityUuid=85cce0f0-581e-4b9e-9da8-b57c4a257949&ps=10&page=0
IBM PartnerWorld Contact Servicesassistance getting started
US Number: 800-426-9990, 770-858-5052, e-mail: [email protected], ask for Ready for IBM Security Intelligence assistance.
Ready for IBM Security Intelligence Showcase
http://www.ibm.com/partnerworld/rfisisolutions
Program Manager Contact Russ Warren, [email protected] Resources
IBM Security Communitiesbest practices and scenarios
http://www.ibm.com/developerworks/security/community.html
IBM Service Management Connect https://www.ibm.com/developerworks/servicemanagement/srm/index.html
IBM Software Access Catalogdownload IBM Security software
http://www.ibm.com/isv/welcome/softmall.html
IBM PartnerWorld option supportassistance with listed products
Voice US Number: 800-426-9990, 770-858-5052, Remote e-mail:
Validation Requirements Document Page 3 of 11 IBM Security AppScan Family
https://www.ibm.com/isv/tech/member/index.html
Validation Requirements Document Page 4 of 11 IBM Security AppScan Family
Items required to complete validationTo validate your IBM Security AppScan family based integration and include the solution highlight in the Ready for IBM Security Intelligence Showcase, the following items must be submitted to the validation lab at [email protected]. Please consult the Ready for IBM Security Intelligence software validation Web site for guidance and details concerning the validation process at https://www.ibm.com/partnerworld/wps/servlet/ContentHandler/isv_com_dvm_techval_security
Items required for validationFinal validation
requirements documentFinal version of this document representing the solution integration being validated Ready for IBM Security Intelligence. Need to document and identify the classes and interfaces used.
Test plan report Document containing use scenarios, data points, and information on the solution integration with IBM Security AppScan Will be used when reviewing test results and files, performing the validation, and during the solution integration demonstration.
Integration Setup Information
Solution setup or administration documentation, or a portion of a document providing information customers would use to setup or configure the integration between your solution and IBM Security AppScan Should include items in IBM Security AppScan that need to be customized to make the integration work.
Demonstration A remote demonstration or captured demo to walk through the integration scenarios with IBM Security AppScan.
Ready for IBM Security Intelligence Showcase
Integration highlights (solution overview, requirements, contacts) used for the Ready for IBM Security Intelligence Showcase entry (http://www.ibm.com/partnerworld/rfisisolutions). This should include a company logo that can be used (Recommended size 100 x 50).
Web page To include your solution integration reference in the Ready for IBM Security Intelligence Showcase (http://www.ibm.com/partnerworld/rfisisolutions), you need to provide a Web page link highlighting the solution integration. Also, encourage using the Ready for IBM Security Intelligence logo mark on your Web page, solution material, at conferences and on other marketing material.
Validation Requirements Document Page 5 of 11 IBM Security AppScan Family
Validation contact information Please complete ALL the fields below to provide the validation project contact information.
Submitted by:Title/Position:
Company:
Address:
Telephone:Fax:
E-mail:
IBM Security Product:
IBM Security AppScan Standard V8 IBM Security AppScan Standard V8
IBM Security AppScan Source V8 IBM Security AppScan Source V9
IBM Security AppScan Enterprise V8 IBM Security AppScan Enterprise V9
Your Solution Name and Version:
Global Solution DirectoryURL:
Current Date: 201X/mm/ddAnticipated Solution Start
Date: 201X/mm/dd
Anticipated Solution Completion Date: 201X/mm/dd
Validation Requirements Document Page 6 of 11 IBM Security AppScan Family
Solution to be validated
Solution overview Please fill in the auto-sizing text box below to provide the validation lab a technical overview of the application or solution, the integration points and solution to be validated.
To be filled in.
Validation Requirements Document Page 7 of 11 IBM Security AppScan Family
Integration requirements
This section provides an overview of the Ready for IBM Security Intelligence validation requirements for each of the products in the IBM Security AppScan familt. The next section “Integration Options for Validation” will allow you to identify the configuration and pertinent platforms used by your offering for validation.
Architecture and overviewThis following diagram shows the overall architecture of the IBM Security AppScan Family
IBM Security AppScan Standard Edition delivers the desktop solution for automating web application security testing. Used by penetration testers and security auditors, as well as QA and development. Output from AppScan Standard can be used as input into Partner system to provide further specialised analysis or defect tracking.
IBM Security AppScan Enterprise Edition is a web-based, multi-user solution that provides centralized application security scanning, data consolidation and reporting, remediation capabilities, executive dashboards, compliance reporting, and seamless integration with AppScan Standard Edition. Using the XML/SOAP REST API Business Partners can integrate with AppScan Enterprise to enable vulnerability information to be used in other security systems to mitigate the risks of attack until fixes can be made in the applications.
IBM Security AppScan Source Edition automates the analysis of source code to identify vulnerabilities and facilitate their remediation by integrating with development processes and tools, including build systems and IDEs.
Validation Requirements Document Page 8 of 11 IBM Security AppScan Family
Solution integration details
This section is used for you to describe the solution integration items and methods used with IBM Security AppScan. The requested information is required and will be used as a “benchmark” to proceed with the validation.
Check each integration type you will use to integrate your solution with IBM Security AppScan Specify each operating system platform the integration supports.
AppScan Product / Integration Point
AppScan Standard Extensions Framework Yes NoAppScan Standard CLI Yes NoAppScan Standard Pyscan/Utilities Yes NoAppScan Enterprise REST API Yes NoAppScan Source CLI Yes NoAppScan Source for Automation Yes NoOS platforms Windows 2003 Windows 2008
Solaris HP/UX AIX
Linux Other (Specify)
Use the following area to provide a functional overview of the integration with the proposed data flows for the above selected interfaces and integration points. Highlight any high level business rules that are applicable along with the communication/protocol format being used. Critical would be information where the transaction or data exchanged meets specific compliance issues and concerns. It may be beneficial to insert a data flow diagram (like a Visio or PowerPoint) showing the interchange of data and the specific criteria that the interchange needs to address to work with the external system. Sufficient information is needed to assess the flow of information through the interfaces.
Note: No need to duplicate information if some of this will be placed in the requested Integration Guide.
Validation Requirements Document Page 9 of 11 IBM Security AppScan Family
Integration exceptions
Use this section to note any exceptions to the Integration Requirements that should be considered for this integration. Also List any additional considerations or system impact not explicitly stated previously. May include, but not limited to: database changes, application functionality, or any task that affects the integration but is outside the scope of this estimate. Information will be review and discussed during validation.
Validation Requirements Document Page 10 of 11 IBM Security AppScan Family
Resources
Use the following information and resource links to assist with setting up and integrating with the IBM Security AppScan family of products
IBM Security AppScan Homepage http://www-01.ibm.com/software/awdtools/appscan/IBM Security AppScan Standard Documentation
http://pic.dhe.ibm.com/infocenter/apsshelp/v8r7m0/index.jsp
IBM Security AppScan Source Documentation
http://pic.dhe.ibm.com/infocenter/appsrc/v8r7m0/index.jsp
IBM Security AppScan Enterprise Documentation
http://pic.dhe.ibm.com/infocenter/asehelp/v8r7m0/index.jsp
Application Security Community of Practice
https://www.ibm.com/developerworks/mydeveloperworks/blogs/242fafe4-766c-4c93-bb7d-3d2a5ee1cbd6/?lang=en
Support Portal http://www-947.ibm.com/support/entry/portal/overview/software/security_systems/ibm_security_appscan_family
DeveloperWorks Security Community http://www.ibm.com/developerworks/security/community.html
Ready for IBM Security Enablement Resources
https://www.ibm.com/partnerworld/page/isv_com_dvm_techval_security
Validation Requirements Document Page 11 of 11 IBM Security AppScan Family