Application Security

UC Davis offers enterprise tools, reference materials, and services that can help its developers and system administrators produce, procure, and maintain software that is secure and resilient. If you develop, use or maintain applications, you are strongly encouraged to review and use the resources shown below. Please direct any general questions about them to

IBM AppScan Enterprise 

About AppScan Enterprise (formerly Watchfire)

Web developers, content managers, database administrators and system administrators use IBM's AppScan Enterprise to check web applications for security vulnerabilities. This software can be used in test, development, and QA instances to find all linked pages, and to check sites for vulnerabilities such as SQL injection, cross site scripting, and other common web vulnerabilities. Information about AppScan services, training, and access can be found below. Please direct all questions related to AppScan to

Getting started with AppScan

There are three different ways to get started with AppScan. For individuals or teams just starting out, we recommend that you take advantage of the one-on-one AppScan Services or sign up for one of the classroom-style trainings. Alternatively, if you’d like to get started right away, new accounts can be requested through Please see below for more information.

AppScan services

Assistance is available to campus units that design, develop, maintain, or acquire web applications. AppScan administrators can help campus developers learn to configure new scans, understand the scan results, and troubleshoot any issues that might arise during the process. Units needing assistance from the AppScan team should contact or visit the AppScan as a service page for more information.

AppScan training

AppScan training sessions are offered throughout the year and are typically announced through the mailing list, as well as the Security Training website. Basic and advanced classroom-style training is available, and each can be taken multiple times. 

Enroll through the UC Learning Center website. Search for “AppScan” for a list of currently open classes. Please contact Staff Development and Professional Services at or (530) 752-1766 if you need registration assistance.

AppScan access

New accounts are typically provisioned after an individual has participated in one of the AppScan training sessions (either classroom or one-on-one). If you already have experience working with AppScan or a related tool and feel comfortable starting right away, please contact

Application Security Special Interest Group

These monthly AppSec SIG meetings cover both technical and process-related topics.

AppScan Enterprise training materials

Access to these materials is restricted to campus system administrators. To request access, contact

  1. Introduction to AppScan Enterprise (PDF)
  2. HTTP Basics (PDF)
  3. Performing a Web Application Security Assessment (PDF)
  4. AppScan: Frequently Asked Questions


UC Davis application security requirements

For UC Davis application security policies and requirements, including information on the exception process, please refer to the UC Davis Cyber-safety Policy.