Security vulnerabilities testing by using HCL® AppScan

You can use HCL® AppScan to scan all HTTP traffic that is generated as part of integration testing in Rational® Integration Tester for security vulnerabilities.

Prerequisites

Before you use HCL® AppScan to scan the HTTP traffic to and from Rational® Integration Tester, you must consider the following prerequisites:
  • You must have installed a licensed version of HCL® AppScan Enterprise or HCL® AppScan Standard edition. Visit the AppScan family of products page to select your product and version to view the documentation. You can refer to the documentation for the installation instructions for the HCL® AppScan version that you want to use.
  • You must be familiar with configuring and using HCL® AppScan to scan applications or web services for security vulnerabilities.

Overview of tasks

You can find the tasks that you can perform for scanning the HTTP traffic to and from Rational® Integration Tester in the following table:
Task
1. Install HCL® AppScan or the HCL® AppScan Dynamic Analysis Client.
2. Set up Rational® Integration Tester as the application to scan, in the HCL® AppScan server or the HCL® AppScan Dynamic Analysis Client.
You can use any of the following methods to set up the application:
  • Login Management
  • Manual Explore
  • External Traffic Recorder
Refer to the AppScan documentation for the details on these methods in the version of AppScan that you want to use.
3. Start Rational® Integration Tester from the command line. See Starting Rational Integration Tester from the command line.
4. Verify if the HTTP traffic to and from Rational® Integration Tester is scanned by HCL® AppScan by creating a project, setting up a physical transport, and creating tests to send and receive messages in Rational® Integration Tester. After you run the tests, you can view the scan reports in HCL® AppScan.