Questions tagged [bluemix-app-scan]

IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance.

HCL AppScan on Cloud is a service by IBM for application security scanning. It replaces the earlier Application Security on Cloud by Bluemix and AppScan Dynamic Analyzer, and also includes the Mobile Analyzer.

39 questions
11 votes, 4 answers

kubernetes deployment- container not starting- error- InvalidImageName

Below is the Kubernetes deployment YAML file - container image section: image: https://registry.ng.bluemix.net/****/test-service:test-branch-67 imagePullPolicy: Always Below is the error message after deploying: ubuntu@ip-xxxx:~$ kubectl logs…
4 votes, 1 answer

IBM AppScan - Missing Secure Attribute in Encrypted Session (SSL) Cookie

We have got a Missing Secure Attribute in Encrypted Session (SSL) Cookie issue for primefaces.download based on the IBM App Scan DSAT test. Primefaces version is 7.0. Sample Example:…
Ravi
  • 391
  • 2
  • 18
4 votes, 1 answer

Cross Site Request Forgery prevention via 'Referer' header

We recently received results from IBM AppScan DAST and some of the results don't make much sense. 2.Medium -- Cross-Site Request Forgery Risk(s): It may be possible to steal or manipulate customer session and cookies, which might be used to…
Ravi
  • 391
  • 2
  • 18
3 votes, 1 answer

IBM AppScan - Blind SQL Injection (Time Based) - JSF 2.2 & Primefaces - JBOSS 7.2 EAP

Original Post IBM AppScan We recently received results from IBM AppScan DAST and some of the results don't make much sense. High -- Blind SQL Injection (Time Based) Parameter: form:propertyTree:0:j_idt126 Risk(s): It is possible to view, modify or…
Ravi
  • 391
  • 2
  • 18
3 votes, 0 answers

Signalr poll request manipulated from POST to GET vulnerability

In my web application I am using SignalR. The SignalR connection is using the longpolling transport, which is making the POST request to the server and passing parameters in the query string. Now I scanned my application using the IBM AppScan tool. The…
Ashish Shukla
  • 1,239
  • 12
  • 23
2 votes, 0 answers

APPSCAN: Authentication.Credentials.Unprotected

I did a scan with AppScan on an application, and the report says there's a vulnerability called: "Authentication. Credentials. Unprotected" and it's in this method: public string CrearSeguimientoCertificador(string UsuarioServicio, string…
2 votes, 1 answer

A "No such file or directory" error occurs with the appscan.sh command

I am trying to generate an .irx file using SAClientUtil.6.0.1142 on a Linux machine. However, when I execute the appscan.sh prepare -c -d command, it throws an error like: SAClientUtil.6.0.1142/bin/appscan.sh: line…
Mounika
  • 19
  • 4
2 votes, 1 answer

SSL certificate propagation issue with custom domain on Bluemix app

I uploaded my SSL certificate in the section of my custom domain in the space of my organization. I linked the domain with my application and I have created the CNAME record in my DNS to my broken app xxxxx-gb.bluemix.net .eu. When I try to reach…
jay
  • 1,453
  • 1
  • 11
  • 30
1 vote, 0 answers

tag in AppScanConfig.xml is not excluding the directory during App Scan

I followed the App Scan Doc to exclude the node_modules directory when scanning a project, but it doesn't work. AppScanConfig.xml *
ankitj
  • 335
  • 4
  • 13
1 vote, 0 answers

Content Security Policy: The page’s settings blocked the loading of a resource at inline (“style-src”). on Firefox

I have my CSP added as below in my code res.header('Content-Security-Policy', "default-src 'self' ; style-src 'self' '';" + "script-src 'self' '';" + "font-src 'self' data: fonts.gstatic.com;" + …
1 vote, 0 answers

AppScan Source scan has 143 findings for a Cordova Android project

I am working on a Cordova Application (Cordova 7.0.1) and am required to run a Source Scan on the Mobile App by our company's security team. I decided to create the Cordova Android (cordova-android 6.3.0) project and run the Source Scan on that. The…
Chris Lang
  • 384
  • 2
  • 19
1 vote, 1 answer

Are ResultSet update{ColumnType} methods vulnerable to SQL injection?

A security scan made by AppScan Source flags that the input has to be validated (Validation.Required) on the line uprs.updateString in the code below: PreparedStatement statement = conn.prepareStatement (query,…
Jose Cifuentes
  • 596
  • 6
  • 21
1 vote, 0 answers

Configure glass box in AppScan standard

I would like to configure a glass box agent in the JBoss application server. However, when I install the glass box agent, as soon as I arrive at this section and click Next, I always have this error:…
Syllaba Abou Ndiaye
  • 213
  • 1
  • 7
  • 21
0 votes, 0 answers

request.write(req.body) - "Cross-Site Scripting"(XSS) vulnerability

In my Angular application, I use the Node.js function request.write(req.body); to write requests. Actually, this functionality and the requests are working as intended; however, there is a "Cross-Site Scripting" (XSS) vulnerability. I looked for…
Roy
  • 880
  • 7
  • 21
  • 39
0 votes, 1 answer

IBM AppScan identified a password parameter that was received in the query string meaning

I am trying to fix the issues in the IBM AppScan results and I'm getting the flag: AppScan identified a password parameter that was received in the query string, with this command showing on the screen: GET…