IBM Support

IBM Security AppScan Enterprise fixpack 9.0.3.4 available at FixCentral

Downloadable files


Abstract

This document describes how to download and install the 9.0.3.4 Fix Pack for IBM Security AppScan Enterprise.

Download Description

This fix pack synchronizes the versions across the AppScan product suite to simplify centralized management (the installation or updating of client components). AppScan Enterprise 9.0.3 fix pack versions are 9.0.3.1 (released on 04/26/16) and 9.0.3.4 (released on 10/26/16).

Note: This Fix Pack is a full release. You can use this Fix Pack to install AppScan Enterprise from scratch, or to upgrade your AppScan Enterprise from any earlier release as described in the attached readme file:

ReadMeASE.htm

See the open mic recording from Nov 16, 2016: New features in AppScan Standard/Enterprise/Source version 9.0.3.4.

You can locate the Fix Pack on Fix Central using the following directions:

  1. Go to http://www.ibm.com/support/fixcentral/ and sign in using your IBM ID and password.
  2. Click the Select product tab, select Security Systems in the Product Group list, and click Continue.
  3. Select IBM Security AppScan Enterprise in the Product list.
  4. Select 9.0.3.1 in the Installed Version list.
  5. Select Windows or Linux in the Platform list, and click Continue.
  6. In the Identify fixes page, select Browse for fixes (or choose another search method), and click Continue.
  7. In the Select fixes page, select the check box "fix pack: AppScanEnterprise-Windows-9.0.3.4-platform name", and click Continue.
  8. Enter your Passport Advantage credentials on the Sign in page, and click Continue.
  9. In the Download options page, choose your download method (Download Director or your browser), and click Continue.

Prerequisites

Hardware and software requirements are available at: http://www.ibm.com/support/docview.wss?uid=swg27027541
Note: This Fix Pack, AppScan Enterprise version 9.0.3.4, shares documentation with AppScan Enterprise version 9.0.3.

Installation Instructions

The Interactive Installation Guide is available at http://www.ibm.com/support/knowledgecenter/SSW2NF_9.0.3/com.ibm.ase.help.doc/topics/roadmap_ase_install.html. A Planning & Installation Guide in PDF is available at the IBM Publications Center.

Download Package

This section takes you through the steps to install the FixPack.

1. Navigate to the directory where you downloaded the executable and extract the complete contents of ASE.zip, including AppScanEnterpriseServerSetup_9.0.3.4.exe.

Note: The executables for the GSC Explorer (ASE_GSCSetup.exe) and the Manual Explorer tool (ManualExplorerSetup.exe) are included in the AppScanEnterpriseServerSetup_9.0.3.4.exe and available for download through the UI, but are also provided as optional separate downloads. If you install AppScanEnterpriseServerSetup_9.0.3.4.exe, you do not need to run the executables separately.

2. To install AppScan Enterprise Server, double-click AppScanEnterpriseServerSetup_9.0.3.4.exe and continue with steps 4-7 below.

3. To install the Dynamic Analysis Scanner, double-click ASE_DASSetup_9.0.3.4.exe and continue with steps 4-7 below.

4. In the Setup Wizard, click Next.

5. In the License Agreement dialog box, choose the "I accept the terms in the license agreement" option, and click Next.

6. The Fixpack is installed. When the installation is finished, it will launch the Configuration Wizard (if the Launch Configuration Wizard option is selected); click Finish.

7. Exit the installation.


How critical is this fix?

Recommended

Problems solved

PI68701 Generating detailed security report with more than 5000 issues could cause IIS to crash
PI68479 Export from AppScan Standard 9.0.3.3 creates job with 0 URLs and 13 reports only
PI66007 Zip module fails to save the zip of the database when FIPS-140-2
PI65989 Users with a Reporting User Floating license cannot create import jobs
PI65529 Some jobs are not properly upgraded with respect to DOM Similar and redundant path limit, not the Glass Box one
PI68723 AppScan removes the base from the URL when setting HREF attribute under base element
PI70867 False positive – XSS was reported even though it didn’t escape the surrounding apostrophes
PI66844 Advisory and Fix Recommendation for SRI (Subresource Integrity) support in localized languages are blank
PI66308 JSON parameters values are not tracked when the tested mutation is not applied on one of the body parameters
PI67619 Unclosed comment tag in JavaScript causes XSS False Positive
PI68237 Possible false positive detecting Authentication Bypass using HTTP Verb Tampering
PI65366 False positive "Directory Listing Pattern Found"
PI68070 False positive "Session Identifier Not Updated" issue
PI69426 URL is scanned and tests are sent to URL in folders above the directory of the Starting URL
PI68768 Login and logout pages are tested even when the "Send tests on login and logout pages" option is cleared

Known side effects

· When uninstalling AppScan Enterprise on Windows 2012, the following services may appear as registered in the Services.msc dialog:

    · IBM Security AppScan Enterprise Server
    · IBM Security AppScan Enterprise Alert Service
    · IBM Security AppScan Enterprise Agent Service

  The associated files are removed during the uninstall process, but when you attempt to install AppScan Enterprise again, the installation will register the new services if these entries are still there.

  You can manually remove the services by running the following commands from the Windows command line:

    sc delete "IBM Security AppScan Enterprise Server"
    sc delete "WFAlertSvc"
    sc delete "WFAgentSvc"

· To access the new interactive REST API framework, the AppScan Enterprise instance name must be called 'ase' (for example, https://<domain>:9443/ase/api/pages/apidocs.html).
· Use Microsoft Silverlight with Internet Explorer 8.0 to properly render Dojo functionality.
· When a scan job only has a recorded login (no Manual Explore or Starting URLs), the scan will not crawl below that page. Add at least one URL to the Manual Explore or Starting URL of the What to Scan page.
· If you upgrade a database from pre-8.8, and then click any existing job, the scan log will be empty. Rerun your jobs to generate a new scan log.
· When editing the Edit Application Profile Template page in IE 8/9, changes are not saved. Navigate away from the field you are editing and then back to it. Save your changes. Alternatively, upgrade your browser to IE11 or Firefox 38 ESR.

Download | Release date | Language | Size (bytes) | Download options
AppScan Enterprise on Windows | 26 Oct 2016 | English | 3674710639 | FC
AppScan Enterprise on Linux | 26 Oct 2016 | English | 261083791 | FC

What is Fix Central (FC)?

Technical support


Licensing Information

Consult Licensing for AppScan Enterprise.


Other Versions

Check AppScan Enterprise versions available.


Helpful Hints For Obtaining Technical Assistance

Before you contact IBM Security Software Support, gather the background information that you need to describe the problem. When creating the ticket give the following information:

  • What operation did you perform, and what error message did you receive?
  • The background information needed to understand the issue.
  • Version of AppScan Enterprise. Make sure you are opening the ticket for AppScan Enterprise (there are several AppScan products supported by different teams).
  • Impact of the issue on your organization, schedule, deadlines.
  • Upload logs, screen captures, and background information to the ticket (logs required for common troubleshooting issues).

Problems (APARS) fixed
PI68701, PI68479, PI66007, PI65989, PI65529, PI68723, PI70867, PI66844, PI66308, PI67619, PI68237, PI65366, PI68070, PI68768, PI69426

Document information

More support for: IBM Security AppScan Enterprise
Installation

Software version: 9.0.3.4

Operating system(s): Linux, Windows

Reference #: 4042889

Modified date: 09 May 2017