Shulou(Shulou.com)06/03 Report--

1. Error 1603 occurred during AppScan installation.

It is because it has been installed before and has not been uninstalled cleanly, resulting in an error. The solution is as follows:

1. Control Panel → programs and functions → Select programs to uninstall.

2. Delete the AppScan installation path and all the contents below.

3. In the system [start]-> [run (R).] Run the command regedit to remove all registration keys, if any, and the following subkeys:

A.HKEY_LOCAL_MACHINE\ SOFTWARE\ IBM\ Rational AppScan

B.HKEY_CURRENT_USER\ Software\ IBM\ Rational AppScan

4. Delete everything under the Windows TEMP folder:

a. Click system [start]-> [run (R)...], enter% temp% and run

b. When the folder is open, select the menu [Edit]-> [all selected (A)], right-click any part of the selected file and select "Delete"

(d)] (skip files that may still be in use and delete as many files as possible that can be deleted)

5. Also open the APPSCAN_TEMP folder:

a. Delete all the contents after opening it.

b. If the following error occurs, ignore it and start the next step

% APPSCAN_TEMP%

Windows cannot find'% APPSCAN_TEMP%'. Make sure you typed the name

Correctly, and then try again. To search for a file, slick the Start

Button, and then click Search.

6. Use the disk cleanup settings included with Windows to clean up your computer:

a. In the system [start]-> [run (R).] Enter the command: cleanmgr/sageset, select "temporary installation file", "installation log"

File "," temporary file "and uncheck other items (so that the configuration of the tool has been completed).

b. In the system [start]-> [run (R).] Type the command: cleanmgr/sagerun (this starts the cleanup function, which usually takes a few minutes to complete).

Restart the computer.

Second, tamper with the website code after AppScan scanning.

In the scan configuration → test strategy → checked intrusive, it is possible to tamper with the code of the site. If you can tamper with it, you can remove this check box during the scan. (but this is it, you have to put it in the code to be hacked *)

Third, the space of C disk is insufficient in the process of AppScan scanning.

1. It is recommended that you do not check to enable scanning logs. When the scanning website is too large or the scanning time is too long, the system will crash as the log files change. If it has been checked, you can check it out in the tool → option → to enable scan log.

2. If you want to check it, you can save the user files to other hard drives. The default user file is: C:\ Documents and Settings\ Administrator\ My Documents\ AppScan; can be changed to a different path. The path can be modified by selecting the tool → option → General → file location in the menu bar.

3. If you have changed the above address to another disk, but found that the space of disk C is consumed quickly during the scanning process, it is because many temporary files are saved on disk C, and there is a hidden parameter APPSCAN_TEMP in AppScan to set the temporary file location. You can modify the system variable to other hard disk space. Temporary file location description: describes the location where AppScan saved its temporary file during normal operation. By default, AppScan stores its temporary files in the following location: C:\ Documents and Settings\ All Users\ Application Data\ IBM\ Rational AppScan\ temp if you need to modify this default location, edit the path of the environment variable APPSCAN_TEMP as required.

You can access the environment variable by right-clicking on my computer and then selecting the properties → advanced → environment variable.

Note: there must not be any Unicode characters in the path of the new location.

Modify temporary files in AppScan: right-click on the desktop to select my computer → properties → advanced system settings → advanced → environment variables, add a new "user environment variable", the name is "APPSCAN_TEMP", set the path to the directory where you want to save temporary files.

4. You can always pause the scan and start it later. Of course, with the previous method, I don't think it is necessary.

Fourth, the virtual memory is insufficient during AppScan scanning.

1. Save once an hour to avoid wasting the previous scan results in case of failure; in the tool → option → scanning process, the automatic save setting is automatically saved every 60 minutes.

2. You can change the attribute value to true in the tool → option → advanced search PerformanceMonitor.RestartOnOutOfMemory. Causes Rational AppScan to restart automatically when memory usage is relatively excessive. In this way, when the scan is forced to stop because the remaining virtual memory is too low, Rational AppScan will monitor the settings of the system registry to decide whether to restart.

Fifth, there is a communication problem during AppScan scanning.

1. Reduce the number of threads, scan and configure → communications and proxies.

2. Increase the number of timeouts, scan and configure → communications and agents.

3. The server has a firewall, which can be scanned after the firewall is turned off.

6. When AppScan opens the file, it prompts "the file is corrupted".

Try this first, probably because Issch and ISUSPM self-startup items are disabled. Run "msconfig" to see, if disabled, turn it on and start it up.

Seventh, a brief description of the whole scanning process of AppScan.

AppScan use steps: planning, execution, inspection, analysis.

1. In the planning phase (plan): clear purpose, strategic selection and task decomposition

A. clear purpose: choose the appropriate scanning strategy

B, get to know the object: first explore to understand the structure and size of the website

C, determine the policy: make the corresponding configuration

D. decompose the scanning task according to the directory

E. decompose the scanning task according to the scanning strategy

2. Do: scan and observe at the same time

A, climb first and then scan (continue testing only)

3. Inspection phase (Check)

A. check and adjust the configuration (some problems may arise in the process)

4. Result analysis (Analysis)

A, comparison results

B, summary results (integration and filtering)

Ps. In general, when scanning, comprehensive scanning will be more comprehensive.

Eighth, verify after modification.

1. Right-click the problem that needs to be verified, and click retest. If fixed, the problem will disappear.

2. For problems that cannot be verified by the leakage of sensitive information in HTML comments, you can click on the specific question and then view the request / response. Click the next line to highlight the specific problem, and then check in the foreground of the corresponding page of the website to see if the comment has been removed.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.