AppScan Standard fails to authenticate a SharePoint application
When attempting to complete a scan with IBM Security AppScan Standard, the authentication with a SharePoint application may fail.
This can happen if the web.config file for the target application is not configured properly.
Diagnosing the problem
Inspect the web.config file on the target machine for any inconsistencies with RFC specification 2616.
In a reported issue Internet Explorer was able to access the site while AppScan and other tools could not. The following is an example of the problem web.config file:
<add name=" X-XSS-Protection" value="0" />
Note the extra space in the beginning of this header name: "X-XSS-Protection" Removing this extra space in the value resolved the problem.
Resolving the problem
Correct the formatting of the file.
More support for:
IBM Security AppScan Standard
Software version: 9.0, 220.127.116.11, 9.0.1, 18.104.22.168, 9.0.2, 22.214.171.124, 9.0.3, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124
Operating system(s): Windows
Reference #: 1576636
Modified date: 14 July 2017
Translate this page: