As of December 31st, 2023, ThreadFix 2.X has reached End of Life and is no longer supported. For any further information, please contact the Success and Implementation team.

AppScan Standard Scan Agent

You will learn

How to set up and run AppScan Standard Scan Agent.

Prerequisites

Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 10 minutes
Tools required: AppScan Standard

  1. Scanners must always be configured first as detailed in the Scanner Configuration guide.

  2. Start the scan agent on the AppScan Standard server by running "java -jar scanagent.jar -r", as detailed in the Scanner Configuration guide, then set up and start a scan agent task in ThreadFix. If desired, follow the progress of the scan on the AppScan server, or by refreshing ThreadFix. Note: if using PowerShell, clicking in the PowerShell window will freeze the scan.

  3. Once the scan is complete, a blue banner saying a scan is complete will display, and the scan will upload automatically. AppScan will reset and prepare for the next task. The base scan and dest scan will be populated in the workDir from the setup, to be used as a future base scan if desired.

  4. Save the state of the scanner and name the config file. The name must be all lower-case or ThreadFix will not recognize the file:
    <scanner>.scanagtcfg (e.g., zap.scanagtcfg)

  5. AppScan requires a base scan that it uses as the configuration file. Run a scan on AppScan Standard (note that the configuration of this scan will be the configuration of a user-sent task). Save this file as a .scan file.

  6. This file can be used with the naming convention "appScan.scanagtcfg", which will work for all future tasks until replaced, either by uploading it to the ThreadFix application itself or by uploading it during the task setup. ThreadFix looks for a .scanagtcfg file; anything uploaded during the task setup is saved in Files and can be used again. This is per ThreadFix application, so a different application that does not have a .scanagtcfg would have to repeat this process.

    Another option is to leave the file as a .scan file and upload it during the task setup as a one-time-use configuration (it will not be used in future tasks). This is used as a Profile in ThreadFix and will be labeled in the Task tab.

  7. To edit the configuration, simply run another scan in the AppScan Standard app and replace the .scan or .scanagtcfg being used. 

Copyright © 2024 Coalfire. All rights reserved.