IBM AppScan is a dynamic web application security tool that identifies flaws and vulnerabilities in web applications. The Information Security team offers this tool at no charge for campus use.
Along with the tool, the Information Security team created course work to help members of campus learn how to better use the tool. Staff Development manages the hosting and administrative details of the courses that have been developed. Currently, the Information Security team is in the process of revamping the curriculum for AppScan, and once complete, the curriculum will be hosted with Staff Development again.
Scan web and code applications for vulnerabilities and validate mitigations
Automates vulnerability assessments; scans and tests
Provides full coverage of the OWASP Top 10 and NIST 800-131a
To gain access to the tool, please email a request to firstname.lastname@example.org. In the subject line, write "IT Security: AppScan."
For course registration assistance on AppScan, contact Staff Development and Professional Services at email@example.com or (530) 752-1766
Please direct other questions to firstname.lastname@example.org, and in the subject line, write "IT Security: AppScan."
The tool, AppScan, is available for request M-F, 8 a.m.- 5 p.m. Once a developer has the tool they can use it on their own timeline.
The courses, after updated, will be placed in the Staff Development Course Catalog and be offered cyclically or as the demand requires.
More information about this service can be found online.
Policies & Guidelines:
UCDavis Policy 310-22 Exhibit A: Section 5: Personal Information and 16: Web Application Security