UC Davis offers enterprise tools, reference materials, and services that can help its developers and system administrators produce, procure, and maintain software that is secure and resilient. If you develop, use or maintain applications, you are strongly encouraged to review and use the resources shown below. Please direct any general questions about them to firstname.lastname@example.org.
IBM AppScan Enterprise
About AppScan Enterprise (formerly Watchfire)
Web developers, content managers, database administrators and system administrators use IBM's AppScan Enterprise to check web applications for security vulnerabilities. This software can be used in test, development, and QA instances to find all linked pages and to check sites for common web vulnerabilities such as SQL injection and cross-site scripting. Information about AppScan services, training, and access can be found below. Please direct all questions related to AppScan to email@example.com.
Getting started with AppScan
There are three different ways to get started with AppScan. For individuals or teams just starting out, we recommend that you take advantage of the one-on-one AppScan Services or sign up for one of the classroom-style trainings. Alternatively, if you’d like to get started right away, new accounts can be requested through firstname.lastname@example.org. Please see below for more information.
Assistance is available to campus units that design, develop, maintain, or acquire web applications. AppScan administrators can help campus developers learn to configure new scans, understand the scan results, and troubleshoot any issues that might arise during the process. Units needing assistance from the AppScan team should contact email@example.com or visit the AppScan as a service page for more information.
AppScan training sessions are offered throughout the year and are typically announced through the firstname.lastname@example.org mailing list, as well as the Security Training website. Basic and advanced classroom-style training is available, and each can be taken multiple times.
Enroll through the UC Learning Center website. Search for “AppScan” for a list of currently open classes. Please contact Staff Development and Professional Services at email@example.com or (530) 752-1766 if you need registration assistance.
New accounts are typically provisioned after an individual has participated in one of the AppScan training sessions (either classroom or one-on-one). If you already have experience working with AppScan or a related tool and feel comfortable starting right away, please contact firstname.lastname@example.org.
Application Security Special Interest Group
These monthly AppSec SIG meetings cover both technical and process-related topics.
AppScan Enterprise training materials
Access to these materials is restricted to campus system administrators. To request access, contact email@example.com.
- Introduction to AppScan Enterprise (PDF)
- HTTP Basics (PDF)
- Performing a Web Application Security Assessment (PDF)
- AppScan: Frequently Asked Questions
- AppScan Enterprise Description
- AppScan Threat Classes and Descriptions (PDF)
- AppScan Enterprise overview (PDF)
- Data Classification Guidelines
UC Davis application security requirements
For UC Davis application security policies and requirements, including information on the exception process, please refer to the UC Davis Cyber-safety Policy.