IBM Security AppScan Standard V8.6 web security application assessment scanner finds more vulnerabilities with enhanced accuracy and ease of use

IBM United States Software Announcement 212-275
August 21, 2012




At a glance

IBM® Security AppScan® Standard V8.6 delivers:

For ordering, contact your IBM representative or an IBM Business Partner.
For more information contact the Americas Call Centers at
800-IBM-CALL (426-2255).
 
Reference: YE001


Overview

IBM Security AppScan Standard V8.6 is an industry-leading desktop solution that is designed for security teams to perform Dynamic Application Security Testing (DAST) of web applications and web services for all relevant Web Application Security Consortium Threat Classification version 2 (WASC TCv2) threat classes, such as SQL-Injection, Cross-Site Scripting, and Buffer Overflows. With IBM Security AppScan Standard, you can:



Key prerequisites

For details, refer to the Hardware requirements and the Software requirements sections.



Planned availability date



Description

The most efficient way to stay ahead of application security vulnerabilities is to build software securely, from the ground up. The challenge is that the majority of developers are not security experts, and secure coding is historically not identified as a priority. As a result, web-based and non-web-based applications alike continue to be deployed with vulnerabilities ready for exploitation, putting sensitive data at risk of a breach.

The onerous task of vulnerability identification and remediation cannot be successfully addressed by limited IT security resources. The best way to engage development in the process of application security is to provide tools that fit into the existing environment and workflow, and that generate results in an understandable language. The IBM Security AppScan portfolio provides a number of offerings that enable application security testing across the full application lifecycle.

IBM Security AppScan Portfolio:

What is new

IBM Security AppScan Standard delivers:

Accessibility by people with disabilities

A US Section 508 Voluntary Product Accessibility Template (VPAT) containing details on accessibility compliance can be requested at

http://www.ibm.com/able/product_accessibility/index.html


Product positioning

IBM Security AppScan helps development, quality assurance, and security teams evaluate, understand, prioritize, and resolve security issues. IBM Security AppScan is designed to significantly reduce the business risks related to web application vulnerabilities that can be exploited by hackers to attack a site.



Program number

 
Program              Program
number      VRM      name
 
5724-T59    8.6.0    IBM Security AppScan Standard


Education support

Comprehensive education for IBM products is offered through Worldwide Education Delivery Services. A wide range of training options are available, including classes led by instructors, learning on demand, on-site training, and blended learning solutions.

For additional information, visit

http://www.ibm.com/training


Offering Information

Product information is available via the Offering Information website

http://www.ibm.com/common/ssi

Also, visit the Passport Advantage® website

http://www.ibm.com/software/passportadvantage


Publications

No publications are shipped with these programs.

The IBM Publications Center is available at

http://www.ibm.com/shop/publications/order

The Publications Center is a worldwide central repository for IBM product publications and marketing material with a catalog of 70,000 items. Extensive search facilities are provided. Payment options for orders are via credit card (in the US) or customer number for 20 countries. A large number of publications are available online in various file formats, and they can all be downloaded by all countries, free of charge.



Technical information

Specified operating environment

Hardware requirements

IBM Security AppScan Standard V8.6

Disk space: Approximately 30 GB of available hard disk space
Memory: 3 GB of RAM or more recommended
NIC network driver: 1 NIC 100 Mbps for network communication with configured TCP/IP
Processor: Core 2 Duo 2 GHz (or equivalent)

Software requirements

For IBM Security AppScan Standard V8.6 software requirements, access

http://www.ibm.com/support/docview.wss?uid=swg27024155

The program's specifications and specified operating environment information may be found in documentation accompanying the program, if available, such as a readme file, or other information published by IBM, such as an announcement letter. Documentation and other program content may be supplied only in the English language.

Planning information

Software Subscription and Support (also referred to as Software Maintenance) is included with licenses purchased through Passport Advantage and Passport Advantage Express®. Product upgrades and technical support are provided by the Software Subscription and Support (Software Maintenance) offering as described in the Agreements. Product upgrades provide the latest versions and releases to entitled software, and technical support provides voice and electronic access to IBM support organizations, worldwide.

IBM includes one year of Software Subscription and Support (also referred to as Software Maintenance) with each program license acquired. The initial period of Software Subscription and Support (Software Maintenance) can be extended by the purchase of a renewal option, if available.

Packaging

IBM Security AppScan Standard is distributed with:

This program, when downloaded from a website, contains the applicable IBM license agreement and License Information, if appropriate, and will be presented for acceptance at the time of installation of the program. For future reference, the license and License Information will be stored in a directory such as LICENSE.TXT.

Security, auditability, and control

IBM Security AppScan Standard V8.6 uses the security and auditability features of the operating system software. The customer is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities.



Software Services

IBM Software Services has the breadth, depth, and reach to manage your services needs. You can leverage the deep technical skills of our lab-based, software services team and the business consulting, project management, and infrastructure expertise of our IBM Global Services team. Also, we extend our IBM Software Services reach through IBM Business Partners to provide an extensive portfolio of capabilities. Together, we provide the global reach, intellectual capital, industry insight, and technology leadership to support a wide range of critical business needs.

To learn more about IBM Software Services or to contact a Software Services sales specialist, visit

http://www.ibm.com/software/sw-services/


Licensing metric definitions

Authorized User Single Install

Authorized User Single Install is a unit of measure by which the program can be licensed. An Authorized User is a unique person who is given access to the program. An Install is an installed copy of the program on a physical or virtual disk made available to be executed on a computer. The program may be installed on any number of computers or servers, but if the Authorized User has accessed or has access to more than one Install of the program, the Authorized User requires a separate entitlement for each such Install. Licensee must obtain separate, dedicated entitlements for each Authorized User given access to the program on each Install in any manner directly or indirectly (for example, via a multiplexing program, device, or application server) through any means. An entitlement for an Authorized User is unique to that Authorized User and may not be shared, nor may it be reassigned other than for the permanent transfer of the Authorized User entitlement to another person.

Floating User Single Install

Floating User Single Install is a unit of measure by which the program can be licensed. A Floating User is a person who is accessing the program at any particular point in time. An Install is an installed copy of the program on a physical or virtual disk made available to be executed on a computer. The program may be installed on any number of computers or servers, but if the Floating User simultaneously accesses more than one Install of the program, the Floating User requires a separate entitlement for each such Install. Licensee must obtain separate entitlements for each Floating User simultaneously accessing the program on each Install in any manner directly or indirectly (for example: via a multiplexing program, device, or application server) through any means.

Install

Install is a unit of measure by which the program can be licensed. An Install is an installed copy of the program on a physical or virtual disk made available to be executed on a computer. Licensee must obtain an entitlement for each Install of the program.



Ordering information

This product is only available via Passport Advantage. It is not available as shrinkwrap.

 
Product group: IBM Security
  Product Identifier Description                             (PID)
 
  IBM Security AppScan Standard V8.6                         5724-T59
 
Product category: IBM Security AppScan

Refer to the Basic license section for trade-up information.

Passport Advantage customer: Media pack entitlement details

Customers with active maintenance or subscription for the products listed are entitled to receive the corresponding media pack.

 
Media packs
description                                          Part number
 
IBM Security AppScan Standard V8.6                   BT0H3ML

Current licensees

New licensees

Orders for new licenses will be accepted now.

Shipment will begin on the planned availability date.

Basic license

Ordering information for Passport Advantage

Passport Advantage allows you to have a common anniversary date for Software Subscription and Support (SW S&S) renewals, which can simplify management and budgeting for eligible new versions and releases (and related technical support) for your covered products. The anniversary date, established at the start of your Passport Advantage Agreement, will remain unchanged while your Passport Advantage Agreement remains in effect. New software purchases will initially include twelve full months of Software Subscription and Support (also referred to as Software Maintenance). Software Subscription and Support in the second year (the first year of renewal) can be prorated to be coterminous with your common anniversary date. Thereafter, all Software Subscription and Support (Software Maintenance) will renew at the common anniversary date for twelve full months of Software Subscription and Support (Software Maintenance).

Refer to the IBM International Passport Advantage Agreement and to the IBM Software Support Handbook for specific terms relating to, and a more complete description of, technical support provided through Software Subscription and Support (Software Maintenance).

The quantity to be specified for the Passport Advantage part numbers in the following table is per required number of Authorized User Single Install, Floating User Single Install and Install. To order for Passport Advantage, specify the desired part number and quantity.

Description                                                 Part number

IBM Security AppScan Standard (5724-T59)
IBM Security AppScan Standard                               E0D71LL
Per Authorized User Single Install Annual SW S&S Rnwl
IBM Security AppScan Standard                               D0N1KLL
Per Authorized User Single Install Lic + SW S&S 12 Mo
IBM Security AppScan Standard                               D0N1LLL
Per Authorized User Single Install SW S&S Reinstate 12
IBM Security App Scan Standard for System Z                 D0N1MLL
Authorized User Single Install License +
SW Subscription & Support 12 Months
IBM Security App Scan Standard for System Z                 D0N1NLL
Authorized User Single Install
SW Subscription & Support Reinstatement 12 Months
IBM Security App Scan Standard for System Z                 E0D72LL
Authorized User Single Install Annual
SW Subscription & Support Renewal 12 Months
IBM Security AppScan Standard                               E046DLL
Per Floating User Single Inst Annual SW S&S Rnwl
IBM Security AppScan Standard                               D61SYLL
Per Floating User Single Inst Lic + SW S&S 12 Mo
IBM Security AppScan Standard                               D61SZLL
Per Floating User Single Inst SW S&S Reinstate 12
IBM Security AppScan Standard for System z®                 E046ELL
Floating User Single Install
Annual SW Maintenance Renewal
IBM Security AppScan Standard for System z                  D61T0LL
Floating User Single Install
License + SW Maintenance 12 Months
IBM Security AppScan Standard for System z                  D61T1LL
Floating User Single Install
SW Maintenance Reinstatement 12 Months
Fixed term licenses
IBM Security AppScan Standard Floating User                 D040CLL
Single Install Initial Fixed Term License +
SW Subscription & Support 12 Months
IBM Security AppScan Standard                               E04SDLL
Per Floating User Single Install Subsq FT Lic+S&S 12
IBM Security  AppScan Standard for System Z                 D0NEKLL
Floating User Single Install
Initial Fixed Term License +
SW Subscription & Support 12 Months
IBM Security  AppScan Standard for System Z                 E0DBCLL
Floating User Single Install
Subsequent Fixed Term License +
SW Subscription & Support 12 Months
IBM Security  App Scan Standard Authorized User             D0N1PLL
Single Install Initial
Fixed Term License + SW Subscription & Support 12 Months
IBM Security App Scan Standard Authorized User              E0D73LL
Single Install Subsequent
Fixed Term License + SW Subscription & Support 12 Months
IBM Security App Scan Standard for System Z                 D0N1QLL
Authorized User Single Install Initial Fixed Term License
+ SW Subscription & Support 12 Months
IBM Security App Scan Standard for System Z                 E0D74LL
Authorized User Single Install Subsequent
Fixed Term License + SW Subscription & Support 12 Months

To order a media pack for Passport Advantage, specify the part number in the desired quantity from the following table:

Description                                            Part number

IBM Security AppScan Standard V8.6                     BT0H3ML

Passport Advantage trade up

You must have previously acquired licenses for the following precursor products to be eligible to acquire equivalent licenses of the trade-up products.

Trade-up product from                                      Trade-up
precursor product description                              part number
 
IBM Security AppScan Standard                              D053YLL
Floating User Single Install FROM
IBM Security AppScan Standard Auth User Single Install
Trade-up License + SW Subscription & Support 12 Months
IBM Security AppScan Standard for System Z                 D053XLL
Floating User Single Install FROM
IBM Security AppScan Standard Auth User Single Install
Trade-up License + SW Subscription & Support 12 Months 

Consult your IBM representative if you have any questions.

IBM Security AppScan Standard is also available, via web download, from Passport Advantage.

Subscription and Support

Subscription and Support must be ordered to receive voice technical support via telephone during normal business hours, and future releases and versions, at no additional charge. The capacity of Subscription and Support (for example, Processor Value Units or terabytes) must be the same as the capacity ordered for the product licenses.

To order, specify the Subscription and Support program product number and the appropriate license or charge option.

IBM is also providing Subscription and Support for these products, via a separately purchased offering, under the terms of the IBM International Agreement for Acquisition of Support Maintenance. This offering:

When Subscription and Support is ordered, the charges will automatically renew annually unless cancelled by you.



Terms and conditions

The information provided in this announcement letter is for reference and convenience purposes only. The terms and conditions that govern any transaction with IBM are contained in the applicable contract documents such as the IBM International Program License Agreement, IBM International Passport Advantage Agreement, and the IBM Agreement for Acquisition of Software Maintenance.

This product is only available via Passport Advantage. It is not available as shrinkwrap.

Licensing

IBM International Program License Agreement including the License Information document and Proof of Entitlement (PoE) govern your use of the program. PoEs are required for all authorized use. Part number products only, offered outside of Passport Advantage, where applicable, are license only and do not include Software Maintenance.

This software license includes Software Subscription and Support (also referred to as Software Maintenance).

These programs are licensed under the IBM Program License Agreement (IPLA) and the associated Agreement for Acquisition of Software Maintenance, which provide for support with ongoing access to releases and versions of the program. IBM includes one year of Software Subscription and Support (also referred to as Software Maintenance) with the initial license acquisition of each program acquired. The initial period of Software Subscription and Support (also referred to as Software Maintenance) can be extended by the purchase of a renewal option, if available. These programs have a one-time license charge for use of the program and an annual renewable charge for the enhanced support that includes telephone assistance (voice support for defects during normal business hours), as well as access to updates, releases, and versions of the program as long as support is in effect.

License Information form number

IBM Security AppScan Standard (5724-T59): L-LARS-8SPK84

The program's License Information will be available for review on the IBM Software License Agreement website

http://www.ibm.com/software/sla/sladb.nsf

Limited warranty applies

Yes

Limited warranty

IBM warrants that when the program is used in the specified operating environment, it will conform to its specifications. The warranty applies only to the unmodified portion of the program. IBM does not warrant uninterrupted or error-free operation of the program or that IBM will correct all program defects. You are responsible for the results obtained from the use of the program.

IBM provides you with access to IBM databases containing information on known program defects, defect corrections, restrictions, and bypasses at no additional charge. For further information, consult the IBM Software Support Handbook found at

http://www.ibm.com/support/handbook

IBM will maintain this information for at least one year after the original licensee acquires the program (warranty period).

Program technical support

Technical support of a program product version or release will be available for a minimum of five years from the general availability date, as long as your Software Subscription and Support (also referred to as Software Maintenance) is in effect. This technical support allows you to obtain assistance (via telephone or electronic means) from IBM for product-specific, task-oriented questions regarding the installation and operation of the program product. Software Subscription and Support (Software Maintenance) also provides you with access to updates (modifications or fixes), releases, and versions of the program. You will be notified, via announcement letter, of discontinuance of support with 12 months' notice. If you require additional technical support from IBM, including an extension of support beyond the discontinuance date, contact your IBM representative or IBM Business Partner. This extension may be available for a fee.

Money-back guarantee

If for any reason you are dissatisfied with the program and you are the original licensee, you may obtain a refund of the amount you paid for it, if within 30 days of your invoice date you return the program and its PoE to the party from whom you obtained it. If you downloaded the program, you may contact the party from whom you acquired it for instructions on how to obtain the refund.

For clarification, note that (1) for programs acquired under the IBM International Passport Advantage offering, this term applies only to your first acquisition of the program and (2) for programs acquired under any of IBM's On/Off Capacity on Demand (On/Off CoD) software offerings, this term does not apply since these offerings apply to programs already acquired and in use by you.

Other terms
Volume orders (IVO)

No

IBM International Passport Advantage Agreement
Passport Advantage applies

Yes, and through the Passport Advantage website at

http://www.ibm.com/software/passportadvantage

Usage restriction

Yes. For information, refer to the License Information document that is available on the IBM Software License Agreement website

http://www.ibm.com/software/sla/sladb.nsf

Software Subscription and Support applies

Yes. Software Subscription and Support (also referred to as Software Maintenance) is included with licenses purchased through Passport Advantage and Passport Advantage Express. Product upgrades and Technical Support are provided by the Software Subscription and Support offering as described in the Agreements. Product upgrades provide the latest versions and releases to entitled software and Technical Support provides voice and electronic access to IBM support organizations, worldwide.

IBM includes one year of Software Subscription and Support with each program license acquired. The initial period of Software Subscription and Support can be extended by the purchase of a renewal option, if available.

While your Software Subscription and Support is in effect, IBM provides you assistance for your routine, short duration installation and usage (how-to) questions, and code-related questions. IBM provides assistance via telephone and, if available, electronic access, only to your information systems (IS) technical support personnel during the normal business hours (published prime shift hours) of your IBM support center. (This assistance is not available to your end users.) IBM provides Severity 1 assistance 24 hours a day, 7 days a week. For additional details, consult your IBM Software Support Handbook at

http://www.ibm.com/support/handbook

Software Subscription and Support does not include assistance for the design and development of applications, your use of programs in other than their specified operating environment, or failures caused by products for which IBM is not responsible under the applicable agreements.

For additional information about the International Passport Advantage Agreement and the IBM International Passport Advantage Express Agreement, visit the Passport Advantage website at

http://www.ibm.com/software/passportadvantage

System i Software Maintenance applies

No

Variable charges apply

No

Educational allowance available

Not applicable.



Statement of good security practices

IT system security involves protecting systems and information through prevention, detection, and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, or misappropriated, or can result in misuse of your systems to attack others. Without a comprehensive approach to security, no IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products, or services to be most effective. IBM does not warrant that systems and products are immune from the malicious or illegal conduct of any party.



IBM Electronic Services

IBM has transformed its delivery of hardware and software support services to help you achieve higher system availability. Electronic Services is a web-enabled solution that offers an exclusive, no-additional-charge enhancement to the service and support available for IBM servers. These services are designed to provide the opportunity for greater system availability with faster problem resolution and preemptive monitoring. Electronic Services comprises two separate, but complementary, elements: Electronic Services news page and Electronic Services Agent.

The Electronic Services news page is a single Internet entry point that replaces the multiple entry points traditionally used to access IBM Internet services and support. The news page enables you to gain easier access to IBM resources for assistance in resolving technical problems.

The Electronic Service Agent™ is no-additional-charge software that resides on your server. It monitors events and transmits system inventory information to IBM on a periodic, client-defined timetable. The Electronic Service Agent automatically reports hardware problems to IBM. Early knowledge about potential problems enables IBM to deliver proactive service that may result in higher system availability and performance. In addition, information collected through the Service Agent is made available to IBM service support representatives when they help answer your questions or diagnose problems. Installation and use of IBM Electronic Service Agent for problem reporting enables IBM to provide better support and service for your IBM server.

To learn how Electronic Services can work for you, visit

http://www.ibm.com/support/electronic


Prices

Business Partner information

If you are an IBM Business Partner -- Distributor for Workstation Software acquiring products from IBM, you may link to Passport Advantage Online for resellers where you can obtain Business Partner pricing information. An IBM ID and password are required.

https://www.ibm.com/software/howtobuy/passportadvantage/paoreseller

Information on charges is available at website

http://www.ibm.com/support

In the Electronic tools category, select the option for Purchase/upgrade tools.

Passport Advantage

For Passport Advantage and charges, contact your IBM representative or your authorized IBM Business Partner. Additional information is also available at

http://www.ibm.com/software/passportadvantage


Order now

To order, contact your local IBM representative or your IBM Business Partner.

To identify your local IBM Business Partner or IBM representative, call 800-IBM-4YOU (426-4968). For more information, contact the Americas Call Centers.

 
Phone:     800-IBM-CALL (426-2255)
Fax:       800-2IBM-FAX (242-6329)
 
 For IBM representative: callserv@ca.ibm.com
 

 For IBM Business Partner: pwswna@us.ibm.com
 
Mail:      IBM Teleweb Customer Support
           ibm.com® Sales Execution Center, Americas North
           3500 Steeles Ave. East, Tower 3/4
           Markham, Ontario
           Canada  L3R 2Z1
 
Reference: YE001
 

The Americas Call Centers, our national direct marketing organization, can add your name to the mailing list for catalogs of IBM products.

Note: Shipments will begin after the planned availability date.

Trademarks

Electronic Service Agent is a trademark of IBM Corporation in the United States, other countries, or both.

IBM, AppScan, Passport Advantage, Express, System z and ibm.com are registered trademarks of IBM Corporation in the United States, other countries, or both.

Adobe is a trademark of Adobe Systems Incorporated in the United States, and/or other countries.

Other company, product, and service names may be trademarks or service marks of others.

Terms of use

IBM products and services which are announced and available in your country can be ordered under the applicable standard agreements, terms, conditions, and prices in effect at the time. IBM reserves the right to modify or withdraw this announcement at any time without notice. This announcement is provided for your information only. Additional terms of use are located at

http://www.ibm.com/legal/us/en/

For the most current information regarding IBM products, consult your IBM representative or reseller, or visit the IBM worldwide contacts page

http://www.ibm.com/planetwide/us/