7 IBM AppScan

This section has the following chapters:

  • AppScan_Source_Findings_in_Ozasmt_files_(and_O2_tools_to_View,_Filter,_Join,_Stitch_and_Script_them).md
  • Util-_Cir_Viewer(with_C#_DLL_converter)_v1.0.md

Table of Contents

7.1 AppScan Source Findings in Ozasmt files (and O2 tools to View, Filter, Join, Stitch and Script them)

If you are using AppScan Source (previously called OunceLabs) you will find these O2 Tools really useful:

Note that these modules are some of the oldest ones in O2 (created during really hard-core security review engagements during my OunceLabs time), and the APIs that support these modules are REALLY powerful (and allow the analysis of thousands or millions of Findings/Traces)

Most of the code that creates these tools is now on the O2.Platform.Scripts folder (see Findings_Filtering at GitHub)

**
**

**
**

Util - Simple Findings Viewer v1.0.exe

Supports the viewing of AppScan Source 8.x, 7.x and 6x *.ozasmt files (all the way back to the OunceLabs releases)

The C# REPL script environment can be used to view, edit, manipulate, join, stitch, delete or move Findings/Traces:

Util - Filter Findings by Source and Sink (RegEx) v1.0.exe

**
**

Easy way to script custom source-to-sink mappings:

**
**

**
**

PoC - Join Traces (on Attributes) - very basic version v1.0.exe
**
**Example of how to join/stitch Attributes, HashMaps and Getters/Setters (for example setAttributes with getAttributes)
**
**

7.2 Util - Cir Viewer (with C# DLL converter) v1.0

Here is an oldie one by still really effective.

I just rebuilt the O2’s CirViewer (CIR = Common Intermediate Representation (from the OunceLabs days)) as an easy to consume stand-alone tool which you can get from: Util - Cir Viewer (with C# DLL converter) v1.0.exe

There are a number of uses for this module, but one you can use to get a feel for it to to drop an .Net assembly (dll or exe) add take a look (you can also drop a folder)

Default view:
**
**

Showing all APIs used:

Viewing the ‘Who calls Who’ trees: