IBM Rational AppScan

"The need for web application security has never been greater. There are 1.4 billion people who have access to hundreds of millions of websites generating US$6.9 trillion in worldwide Internet eCommerce. Most of those websites are potential cash machines for attackers. Some estimates are that over 80% of websites have at least one serious vulnerability. IDC research indicates that at least 25% of all enterprises have been exploited through a web application flaw. A majority of websites also have hosted malicious content or contained a masked redirect to a malicious site. To uncover and remedy these vulnerabilities, organisations turn to web application vulnerability assessment products, such as IBM's Rational AppScan. For nearly a decade, AppScan has been at the forefront of the market with technologically advanced solutions, and as the market's leading product."

Charles Kolodgy, Research Director, Secure Products, IDC
IDC Vendor Spotlight: IBM Rational AppScan

IT auditors and compliance officers are looking for a process to test Web application security controls so that their Web applications are not exposed to vulnerabilities that can be exploited by hackers. AppScan helps them by integrating vulnerability testing into the Web application development process for new or existing applications. AppScan provides mechanisms to periodically test against known vulnerabilities.

IBM Rational AppScan is an industry-leading Web application security testing tool that scans and tests for all common Web application vulnerabilities, including those identified in the WASC Threat Classification, such as SQL Injection, Cross-Site Scripting and Buffer Overflow.

IBM Rational AppScan Functionality
  • Provides broad application coverage, including Web 2.0/Ajax applications
  • Provides advanced remediation capabilities, including a comprehensive task list that eases vulnerability remediation
  • Simplifies security testing for non-security professionals by building scanning intelligence directly into the application, even in complex Web environments
  • Features over 40 out-of-the-box compliance reports, including PCI Data Security Standards, ISO 17799, ISO 27001, Basel II, SB 1386 and PABP (Payment Application Best Practices)
  • Supports next-generation Web applications, including the ability to scan complex Java and Adobe Flash-based sites for both traditional Web vulnerabilities and technology-specific threats such as Cross-site Flashing
  • Supports Web Services with the ability to interact with Mega Script, Encoded URLs, and Web Portals utilizing widget-based pages
  • The Results Expert wizard simplifies the interpretation of scan results through scan-specific descriptions and straightforward explanations of each issue