IBM Rational AppScan – Enterprise Edition
IBM Rational AppScan Reporting Console
IBM Rational Policy Tester
Version 5.4.0.2 Readme
Overview
This document contains release notes for IBM Rational
AppScan – Enterprise Edition, IBM Rational AppScan Reporting Console and
IBM Rational Policy Tester. This product is composed of three core
components that may be installed together or separately across multiple
machines: the Control Center is the web-based user interface; the Agents
run jobs, dashboards and report packs; and the Alerting Service monitors and
sends Alerts. For more detailed information, see the Planning and
Installation Guide, ase_plan.pdf, located in the same
folder as this file.
These release notes provide basic installation information
and document known issues that were discovered prior to release.
Minimum System Requirements
IBM Rational AppScan – Enterprise Edition / IBM Rational AppScan Reporting Console / IBM Rational Policy Tester Minimum System Requirements
Processor: 3.0-GHz Pentium IV-compatible processor; faster processor or multiple processors recommended
Memory: 2 GB of RAM or more recommended
Hard Disk:
- Approximately 200 MB of available hard-disk space for the recommended installation
- Approximately 10 GB of available hard-disk space for scan logs on Agent Server
- Approximately 200 GB of available hard-disk space on the system hosting the database
Operating System:
- Windows Server 2003 with Service Pack 1 or later
- Windows XP with Service Pack 2 or later for demonstration purposes only
It is highly recommended that the latest Critical Updates from Microsoft for your operating system be installed.
Database:
- SQL Server 2005 Service Pack 1 Standard Edition or better
- SQL Server 2005 Express Edition Service Pack 1 for demonstration purposes only
- SQL Server system requirements available from this Microsoft Web Site
Other Prerequisites:
- Before installing AppScan Enterprise Server or AppScan Reporting Console, you must have IIS 5.1 or higher installed (not required for servers running Watchfire Agents only).
- Before installing AppScan Enterprise Server or AppScan Reporting Console, you must download and install the .NET Framework 2.0 from this Microsoft Web site.
- Ensure that ASP.NET is installed and enabled in IIS.
Supported Browsers:
- Microsoft Internet Explorer 6.0 Service Pack 1 or later
- Mozilla Firefox 1.5 or later
Additional Recommended Hardware Requirements
The following recommendations improve performance and are highly
recommended for scanning large web applications and sites:
- Install the Agents on a separate server from the Database Server.
- The Agents require significant processing from the database server while
  running scan jobs and report packs. Configure the Database Server as a
  server-class machine, with multiple processors and a SCSI disk array
  configured as RAID(0) for fast disk I/O. 4 GB of RAM is recommended if the
  Database and Agents share one machine.
For a full discussion of sizing
system hardware to meet your needs, see the Planning and Installation Guide.
Installation Notes
- If .NET 2.0 is installed before IIS, ASP.NET 2.0 may not be registered. It
  can be manually registered by running "aspnet_regiis /i" from
  "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727".
Known Issues and Workarounds
- When upgrading from 5.4.0.1, the Jobs must be run prior to running the
  report packs. If report packs are run independently of jobs following the
  upgrade, the data may be incorrect.
- When upgrading from 5.4.0.0, the report packs will be disabled and need to
  be re-run. Be sure to run the jobs first and then the report packs to
  ensure consistent and correct data.
- If you are upgrading from 5.4.0.0 and have previously done Issue Management
  on Accessibility issues, contact Support or your Account rep prior to
  implementing the upgrade. If this is not done, the previously defined issue
  management settings will be lost.
- Attempting to uninstall only the Alerting Service by running the
  installation program will fail to remove the Alerting Service. If it is no
  longer needed, the Alerting Service may be disabled using Administration
  Tools > Services.
- As starting URLs are added to the Job configuration, those that are not
  included in the Server Group associated with the Test Policy selected for
  the scan will not be tested for security. The job administrator must
  understand their scanning permissions to correctly configure the scan
  properties.
- Since AppScan Enterprise Server sends security tests that some firewall
  products could flag as suspicious network activity, there is a risk of
  performance degradation and of false negative results when the firewall is
  deployed between the Agents and the website being scanned.
- A user must run IE in the account that is running the Rational AppScan
  Enterprise Agent Service at least once for the Interaction login scripts to
  function, as this feature uses components of the IE browser. If the browser
  has not been run, the "run once" items (e.g. setting up the connection
  settings that IE prompts the user for on the first run of the browser) will
  prevent the script from being run.
- When normalization rules are defined within the Job Properties, it is
  important to ensure that they result in a valid URL. If the user-defined
  normalization rules result in an empty URL string, there is a risk of the
  scan not ending.
- If Issue Management has been done on the reports, the Report Pack Summary
  report will be out of synchronization with the report data. The Report Pack
  will need to be re-run to synchronize the numbers when Issue Management
  tasks are completed.
- Deleted reports are not immediately removed from the dashboard. The
  dashboard must be re-run for the change to take effect.
- When using Manual Explore functionality in IE, it is advised to enable the
  Internet/Advanced Option for ‘Use HTTP 1.1 through proxy connections’;
  otherwise, connectivity issues and/or performance degradation may occur.
- When using Manual Explore functionality in Firefox there is a risk of some
  requests not being recorded. To ensure a complete recording you will need
  to clear the browser cache (F5) before beginning a Manual Explore
  recording.
- Policy Tester customers will notice the AppScan Enterprise name in the
  product UI. This will not affect the functionality of the product and will
  be resolved as new product names are defined as part of the IBM
  acquisition.
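For the normalization-rule issue listed above, a pre-flight check can apply candidate rules to sample URLs before a job is saved and flag any rule that leaves an empty or invalid URL. This is an added example, not IBM code: the (pattern, replacement) rule format, the rules themselves and the shop.example.test URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed rules as (regex pattern, replacement) pairs. This format is an
# assumption for illustration, not AppScan's own rule syntax.
RULES = [
    (r";jsessionid=[^?#]*", ""),       # strip a session ID from the path
    (r"([?&])sid=[^&#]*&?", r"\1"),    # strip a session query parameter
    (r"^.*/print/.*$", ""),            # faulty: collapses the whole URL to ""
]

# Constructed sample URLs representing pages the scan is expected to reach.
SAMPLE_URLS = [
    "http://shop.example.test/cart;jsessionid=ABC123?item=4",
    "http://shop.example.test/list?sid=99&page=2",
    "http://shop.example.test/print/invoice?id=7",
]

def normalize(url, rules):
    """Apply every rule in order and return the resulting URL string."""
    for pattern, replacement in rules:
        url = re.sub(pattern, replacement, url)
    return url

def is_valid_url(url):
    """A result is usable only if it still has an http(s) scheme and a host."""
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and bool(parts.netloc)

def audit_rules(urls, rules):
    """Return (original_url, rule_pattern, reason) for the first rule that
    leaves each sample URL empty or no longer a valid absolute URL."""
    findings = []
    for original in urls:
        current = original
        for pattern, replacement in rules:
            current = re.sub(pattern, replacement, current)
            if not current.strip():
                findings.append((original, pattern, "empty"))
                break
            if not is_valid_url(current):
                findings.append((original, pattern, "invalid"))
                break
    return findings

if __name__ == "__main__":
    for original, pattern, reason in audit_rules(SAMPLE_URLS, RULES):
        print(f"{reason} result: rule {pattern!r} applied to {original}")
```

Any finding means the named rule should be corrected or removed before the job is run.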
© Copyright IBM Corp. 1996, 2007. All rights reserved.