IBM Maximo Asset Management

advertisement
IBM® Security Systems Division
Ready for IBM Security Intelligence
Validation requirements document for
IBM Security AppScan Family
Please visit the Ready for IBM Security Intelligence software validation site
for assistance, enablement support, and current copy of this document:
http://www.ibm.com/partnerworld/rfisi
Validated solution integrations and extensions can be found in the Ready for IBM Security Intelligence
Showcase
http://www.ibm.com/partnerworld/rfisisolutions
Send documents to pwisv@us.ibm.com, “Ready for IBM Security Intelligence” in subject line.
Document Version 3
Table of Contents
Introduction ........................................................................................................................ 3
Items required to complete validation ................................................................................ 4
Validation contact information .......................................................................................... 5
Solution to be validated ...................................................................................................... 6
Solution overview .................................................................................................................................. 6
Integration requirements .................................................................................................... 7
Architecture and overview ..................................................................................................................... 7
Solution integration details ................................................................................................ 8
Integration exceptions ........................................................................................................ 9
Resources.......................................................................................................................... 10
Validation Requirements Document
IBM Security AppScan Family
Page 2 of 10
Introduction
Ready for IBM Security Intelligence program validates partner integrations with IBM Security
software and represents the solution integrations in the IBM Security section of the Ready for IBM
Security Intelligence Showcase. This includes partners working to complete Industry Frameworks,
Solution Initiatives, and Specialties or other offerings with a dependency on validating integrations
with IBM Security Software.
This document provides the steps and validation requirements for demonstrating integrations with the
IBM Security AppScan family of products. A brief overview of the integration points are provided,
along with the testing, documentation and demonstration results needed to verify and validate the
solution integration.
Reference the following resources for assistance. For further assistance contact our IBM Security
AppScan validation specialist Dan Schofield, dan.schofield@uk.ibm.com
Ready for IBM Security Intelligence Resources
Ready for IBM Security Intelligence Home
Getting Started with the Ready for
IBM Security Intelligence program
Ready for IBM Security Intelligence
integration points and resources
Ready for IBM Security Intelligence
DeveloperWorks Homepage
Ready for IBM Security Intelligence
Message Board
IBM PartnerWorld Contact Services
assistance getting started
Ready for IBM Security Intelligence
Showcase
Program Manager Contact
IBM Security Communities
best practices and scenarios
IBM Service Management Connect
IBM Software Access Catalog
download IBM Security software
IBM PartnerWorld option support
assistance with listed products
Validation Requirements Document
IBM Security AppScan Family
http://www.ibm.com/partnerworld/rfisi
https://www.ibm.com/partnerworld/wps/servlet/Content
Handler/isv_com_dvm_techval_security_start
https://www.ibm.com/partnerworld/wps/servlet/Content
Handler/isv_com_dvm_techval_security_integration
http://ibm.co/rfisi
https://www.ibm.com/developerworks/mydeveloperwork
s/groups/service/forum/topics?communityUuid=85cce0f
0-581e-4b9e-9da8-b57c4a257949&ps=10&page=0
US Number: 800-426-9990, 770-858-5052, e-mail:
pwisv@us.ibm.com, ask for Ready for IBM Security
Intelligence assistance.
http://www.ibm.com/partnerworld/rfisisolutions
Russ Warren, russell.warren@us.ibm.com
Other Resources
http://www.ibm.com/developerworks/security/communit
y.html
https://www.ibm.com/developerworks/servicemanageme
nt/srm/index.html
http://www.ibm.com/isv/welcome/softmall.html
Voice US Number: 800-426-9990, 770-858-5052,
Remote e-mail:
https://www.ibm.com/isv/tech/member/index.html
Page 3 of 10
Items required to complete validation
To validate your IBM Security AppScan family based integration and include the solution highlight in
the Ready for IBM Security Intelligence Showcase, the following items must be submitted to the
validation lab at pwisv@us.ibm.com. Please consult the Ready for IBM Security Intelligence software
validation Web site for guidance and details concerning the validation process at
https://www.ibm.com/partnerworld/wps/servlet/ContentHandler/isv_com_dvm_techval_security
Items required for validation
Final validation Final version of this document representing the solution integration
requirements document being validated Ready for IBM Security Intelligence. Need to document
and identify the classes and interfaces used.
Test plan report Document containing use scenarios, data points, and information on the
solution integration with IBM Security AppScan Will be used when
reviewing test results and files, performing the validation, and during
the solution integration demonstration.
Integration Setup Solution setup or administration documentation, or a portion of a
Information document providing information customers would use to setup or
configure the integration between your solution and IBM Security
AppScan Should include items in IBM Security AppScan that need to
be customized to make the integration work.
Demonstration A remote demonstration or captured demo to walk through the
integration scenarios with IBM Security AppScan.
Ready for IBM Security Integration highlights (solution overview, requirements, contacts) used
Intelligence Showcase for the Ready for IBM Security Intelligence Showcase entry
(http://www.ibm.com/partnerworld/rfisisolutions). This should include a
company logo that can be used (Recommended size 100 x 50).
Web page To include your solution integration reference in the Ready for IBM
Security Intelligence Showcase
(http://www.ibm.com/partnerworld/rfisisolutions), you need to provide
a Web page link highlighting the solution integration. Also, encourage
using the Ready for IBM Security Intelligence logo mark on your Web
page, solution material, at conferences and on other marketing material.
Validation Requirements Document
IBM Security AppScan Family
Page 4 of 10
Validation contact information
Please complete ALL the fields below to provide the validation project contact information.
Submitted by:
Title/Position:
Company:
Address:
Telephone:
Fax:
E-mail:
IBM Security AppScan Standard V8
IBM Security AppScan Standard V8
IBM Security Product:
IBM Security AppScan Source V8
IBM Security AppScan Source V9
IBM Security AppScan Enterprise V8
IBM Security AppScan Enterprise V9
Your Solution Name and
Version:
Global Solution Directory
URL:
Current Date:
Anticipated Solution Start
Date:
Anticipated Solution
Completion Date:
Validation Requirements Document
IBM Security AppScan Family
201X/mm/dd
201X/mm/dd
201X/mm/dd
Page 5 of 10
Solution to be validated
Solution overview
Please fill in the auto-sizing text box below to provide the validation lab a technical overview of
the application or solution, the integration points and solution to be validated.
To be filled in.
Validation Requirements Document
IBM Security AppScan Family
Page 6 of 10
Integration requirements
This section provides an overview of the Ready for IBM Security Intelligence validation
requirements for each of the products in the IBM Security AppScan familt. The next section
“Integration Options for Validation” will allow you to identify the configuration and pertinent
platforms used by your offering for validation.
Architecture and overview
This following diagram shows the overall architecture of the IBM Security AppScan Family
 IBM Security AppScan Standard Edition delivers the desktop solution for automating web application security testing.
Used by penetration testers and security auditors, as well as QA and development. Output from AppScan Standard can be
used as input into Partner system to provide further specialised analysis or defect tracking.
 IBM Security AppScan Enterprise Edition is a web-based, multi-user solution that provides centralized application
security scanning, data consolidation and reporting, remediation capabilities, executive dashboards, compliance reporting,
and seamless integration with AppScan Standard Edition. Using the XML/SOAP REST API Business Partners can
integrate with AppScan Enterprise to enable vulnerability information to be used in other security systems to mitigate the
risks of attack until fixes can be made in the applications.
 IBM Security AppScan Source Edition automates the analysis of source code to identify vulnerabilities and facilitate
their remediation by integrating with development processes and tools, including build systems and IDEs.
Validation Requirements Document
IBM Security AppScan Family
Page 7 of 10
Solution integration details
This section is used for you to describe the solution integration items and methods used with IBM
Security AppScan. The requested information is required and will be used as a “benchmark” to
proceed with the validation.
Check each integration type you will use to integrate your solution with IBM Security AppScan
Specify each operating system platform the integration supports.
AppScan Product / Integration Point
AppScan Standard Extensions Framework
AppScan Standard CLI
AppScan Standard Pyscan/Utilities
AppScan Enterprise REST API
AppScan Source CLI
AppScan Source for Automation
OS platforms
Yes
No
Yes
No
Yes
No
Yes
No
Yes
No
Yes
No
Windows 2003
Solaris
Linux
Windows 2008
HP/UX
AIX
Other (Specify)
Use the following area to provide a functional overview of the integration with the proposed data flows
for the above selected interfaces and integration points. Highlight any high level business rules that are
applicable along with the communication/protocol format being used. Critical would be information
where the transaction or data exchanged meets specific compliance issues and concerns. It may be
beneficial to insert a data flow diagram (like a Visio or PowerPoint) showing the interchange of data
and the specific criteria that the interchange needs to address to work with the external system.
Sufficient information is needed to assess the flow of information through the interfaces.
Note: No need to duplicate information if some of this will be placed in the requested Integration
Guide.
Validation Requirements Document
IBM Security AppScan Family
Page 8 of 10
Integration exceptions
Use this section to note any exceptions to the Integration Requirements that should be considered for
this integration. Also List any additional considerations or system impact not explicitly stated
previously. May include, but not limited to: database changes, application functionality, or any task that
affects the integration but is outside the scope of this estimate. Information will be review and
discussed during validation.
Validation Requirements Document
IBM Security AppScan Family
Page 9 of 10
Resources
Use the following information and resource links to assist with setting up and integrating with the IBM
Security AppScan family of products
IBM Security AppScan Homepage
IBM Security AppScan Standard
Documentation
IBM Security AppScan Source
Documentation
IBM Security AppScan Enterprise
Documentation
Application Security Community of
Practice
Support Portal
DeveloperWorks Security Community
Ready for IBM Security Enablement
Resources
Validation Requirements Document
IBM Security AppScan Family
http://www-01.ibm.com/software/awdtools/appscan/
http://pic.dhe.ibm.com/infocenter/apsshelp/v8r7m0/index.jsp
http://pic.dhe.ibm.com/infocenter/appsrc/v8r7m0/index.jsp
http://pic.dhe.ibm.com/infocenter/asehelp/v8r7m0/index.jsp
https://www.ibm.com/developerworks/mydeveloperworks/blog
s/242fafe4-766c-4c93-bb7d-3d2a5ee1cbd6/?lang=en
http://www947.ibm.com/support/entry/portal/overview/software/security_
systems/ibm_security_appscan_family
http://www.ibm.com/developerworks/security/community.htm
l
https://www.ibm.com/partnerworld/page/isv_com_dvm_techv
al_security
Page 10 of 10
Download