Rational App Scan

AppScan provides security testing throughout the application development lifecycle, easing unit testing and security assurance early in the development phase. Appscan scans for many common vulnerabilities, such as cross site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoors/debug options, buffer overflows and more. Appscan was merged into IBM's Rational division after IBM purchased it's original developer (Watchfire) in 2007.

IT auditors and compliance officers are looking for a process to test Web application security controls so that their Web applications are not exposed to vulnerabilities that can be exploited by hackers. AppScan® Standard Edition helps customers by integrating vulnerability testing into the Web application development process for new or existing applications. AppScan provides mechanisms to periodically test against known vulnerabilities.

IBM Rational AppScan Standard Edition is an industry-leading Web application security testing tool that scans and tests for all common web application vulnerabilities - including those identified in the WASC threat classification - such as SQL-Injection, Cross-Site Scripting and Buffer Overflow.

*Provides broad application coverage, including Web 2.0/Ajax applications

*Generates advanced remediation capabilities including a comprehensive task list to ease vulnerability remediation

*Simplifies security testing for non-security professionals by building scanning intelligence directly into the application

*Features over 40 out-of-the-box compliance reports including PCI Data Security Standards, ISO 17799, ISO 27001, Basel II, SB 1386 and PABP (Payment Application Best Practices)

New and updated features in V7.8 provide sophisticated security that simplify testing of complex Web environments.

Highlights of IBM Rational AppScan Standard Edition V7.8 Include:

*Support for next generation Web applications including the ability to scan complex Java and Adobe Flash-based sights for both traditional Web vulnerabilities as well as technology specific threats such as Cross-site Flashing threats

*Enhanced support for Web Services with the ability to interact with Mega Script, Encoded URLs, and Web Portals utilizing widget-based pages

*Simplified scan results through the new Results Expert wizard, further simplifying the process of interpreting scan results through scan-specific descriptions and straight forward explanations of each issue

*Other Enhancements including IPv6 support, expanded language support, new scan templates, and performance improvements

Download Requires registration and login at IBM's Rational Division Website