Projects

quicksearch

Description:This eXtension lets the user search for information about a specific security issue that was found by AppScan. The eXtension provides several ways to perform the search: Search according to issue name Search according to issue threat class (WASC TC) Search according to issue CVE-ID The ... [More] eXtension comes pre-built with search queries for: CVE Search Google SecurityFocus Wikipedia Windows Live Search And you can also add your own search engine queries. Written By: Oliver Ng - Deloitte. http://www.deloitte.ca/ [Less]

testpositive

Description:This tool can be used to view any vulnerability outside AppScan. The most common use case is that of a security expert wanting to demonstrate the vulnerability to a developer that doesn't have AppScan installed. The auditor can simply click on the Send to Test Positive menu item ... [More] added by the Test Positive Extension, save the report in a convenient location and then zip the Test Positive executable together with the report and e-mail the package to the author of the vulnerable web application. For more information, see our Wiki page. The Test Positive utility and eXtension were created by Paul Ionescu, Watchfire Technical Support Screenshot: [Less]

privescrunner

The Privilege Escalation Runner automates the scanning with different login credentials, and then continues to perform the Privilege Escalation tests available in AppScan.

powerpointreporter

Description:AppScan Reporter for Microsoft PowerPoint is a Watchfire AppScan eXtension that lets you generate presentation files from scan data, based on user supplied template files. Using AppScan Reporter for Microsoft PowerPoint is straightforward – simply select a template file and click ... [More] Generate. How It Works:AppScan Reporter for Microsoft PowerPoint reads in two template files: Design template Content template AppScan Reporter for Microsoft PowerPoint copies all slides from the content template, creates a new presentation based on the design template, and pastes the slides in. It then proceeds to search for predefined fields and replace them with data driven values from the current scan. [Less]

wordreporter

Description:WordReporter allows AppScan users to generate custom reports as Word documents. It works by merging report data directly into a Word document, according to a template provided in the Word document. The template consists of named merge fields in the Word document, which control where ... [More] AppScan data is inserted. A Word Smart Tag assists in the creation of the template in the Word document. In essence, this eXtension extends the report formatting capabilities of AppScan, and allows users to create their own custom reports, in a format that suits a specific customer. [Less]

copytoclipboard

Description:This eXtension, creates a Context-menu item, that allows you to copy a certain issue that was found during a scan, including its URL tree. Written By: James Landis, Fishnet Security (http://www.fishnetsecurity.com/)

defectloggertfs

Description:This eXtension allows you to create a new bug in your defect tracking system directly from the AppScan UI. The AppScan user can right-click on an issue and choose “Log Defect”. A form for creating the new bug is shown, with fields automatically populated with details of the security ... [More] defect, and attachments including the advisory and fix recommendation. Written By: Dan Cornell (dan AT denimgroup DOT com), http://www.denimgroup.com [Less]

filetoexd

Description:FiletoEXD works by taking a directory listing from a file created on either Linux or Windows and importing it directly into AppScan. This means that you can save alot of time and properly get better coverage, in scenarios where the application includes files that are not linked from the ... [More] site. Written By: Dennis Rand (http://www.cirt.dk/) [Less]

asepublisher

Description:This eXtension is a lightweight integration with Watchfire AppScan Enterprise. It allows the user to push XML scan data, as an Import Job directly to AppScan Enterprise, when the scan is performed. Important:In order for ASEPublisher to work, you will need to download and install this ... [More] file on AppScan Enterprise. The zip file includes installation instructions for the Web Service. [Less]

defectloggermqc82

Description:This eXtension allows you to create a new bug in your defect tracking system directly from the AppScan UI. The AppScan user can right-click on an issue and choose 'Log Defect'. A form for creating the new bug is shown, with fields automatically populated with details of the ... [More] security defect, and attachments including the advisory and fix recommendation. [Less]