Features and benefits
IBM Rational AppScan® Express Edition brings the benefits of our flagship AppScan® Standard Edition to the mid-market. AppScan® Express Edition enables small or mid-sized organizations to adopt web application security with a cost-effective solution that automates Web application security testing. Whether you currently perform vulnerability testing in-house or outsource your vulnerability testing, Rational AppScan® Express can dramatically reduce the time needed to perform a thorough vulnerability assessment of your applications. By enabling you to evaluate your Web security posture on an ongoing basis, as opposed to quarterly or yearly audits, the software can yield much higher levels of security, while dramatically reducing costs.
IBM Rational AppScan® Express Edition is an industry-leading web application security testing tool that scans and tests for all common web application vulnerabilities, including those identified in the WASC threat classification, such as SQL Injection, Cross-site Scripting and Buffer Overflow.
Provides broad application coverage, including Web 2.0/Ajax applications
Provides advanced remediation capabilities, including a comprehensive task list to ease vulnerability remediation
Simplifies security testing for non-security professionals by building scanning intelligence directly into the application
Features over 40 out-of-the-box compliance reports including PCI Data Security Standards, ISO 17799, ISO 27001, Basel II, SB 1386 and PABP (Payment Application Best Practices)
New and updated features in V7.8 provide sophisticated security that simplifies testing of complex Web environments.
Highlights of IBM Rational AppScan® Express Edition V7.8 include:
Support for next-generation Web applications, including the ability to scan complex Java and Adobe Flash-based sites for both traditional Web vulnerabilities and technology-specific threats such as Cross-site Flashing
Enhanced support for Web Services with the ability to interact with Mega Script, Encoded URLs, and Web Portals utilizing widget-based pages
Simplified scan results through the new Results Expert wizard, which makes scan results easier to interpret through scan-specific descriptions and straightforward explanations of each issue
Other enhancements, including IPv6 support, expanded language support, new scan templates, and performance improvements
