Tuesday, 4 December 2012

IBM AppScan Standard, Source and VisualStudio (in the same GUI/App)

Here are some cool screenshots sent to me by an O2 user who used the technique shown in "Using a .Net/CLR, a Java/JVM and a C++ Window in another process (to show consolidated security findings)" to create a GUI where windows from AppScan Standard (.Net app), AppScan Source (Java app) and VisualStudio (C++/.NET/WPF app) are shown side-by-side (fully functional) in an external process.

Below you can see the four windows in action:

  • Top Left: Findings TreeView from AppScan Standard (.Net)
  • Top Right: Code Editor from VisualStudio (C++/WPF)
  • Bottom Left: Trace View from AppScan Source (Java)
  • Bottom Right: Guidance from AppScan Standard (WebBrowser)

Here is the context menu of AppScan Standard:

Here is an image popup from AppScan Standard:

Here is the context menu from AppScan Source:

Here is the context menu from VisualStudio:

His idea is to create a GUI with:

  1. The Development and Deployment environment for the application. 
  2. Dynamic and Static scans of the application. 
  3. Tools to browse visually all the relevant configuration information. 
  4. The ability to script Rules and WAFLs, scans and results for each of the Engines. 
  5. Ways to create FindingPacks containing all the relevant information for a particular correlated set of results to send to a developer. 

Sounds like a job for an O2 script :)