Features and Benefits
IT auditors and compliance officers are looking for a process to test Web application security controls so that their Web applications are not exposed to vulnerabilities that can be exploited by hackers. AppScan® Standard Edition automates vulnerability testing, so customers can integrate security testing into the Web application development process for new or existing applications.
IBM Rational AppScan Standard Edition is an industry-leading Web application security testing solution that includes: 1.) Dynamic analysis (black box testing)to test for all common web application vulnerabilities, 2.) glass box testing for run-time analysis – a form of integrated application security testing (IAST), and 3.) Static analysis (white box testing) of JavaScript to identify client-side vulnerabilities.
Identifies web application vulnerabilities including all relevant WASC TCv2 threat classes, such as SQL-Injection, Cross-Site Scripting and Buffer Overflows
Includes new glass box analysis for run-time analysis that adds an internal agent to the application to monitor behavior during a dynamic scan and deliver new benefits such as: full coverage of OWASP Top 10 threats and line of code details for specific vulnerabilities to match proof of exploit with the precise defect that created the vulnerability
Applies static taint analysis with JavaScript Security Analyzer to identify client-side security issues, such as DOM-based cross site scripting, code injection, Open Redirect, CSRF Bypass, Dual Session, Port Manipulation and Protocol Manipulation
Provides broad application coverage for Web 2.0/Rich Internet Applications with support for AJAX, Adobe Flash/Flex, etc.
Includes enhanced support for Web Services and Service Oriented Architecture including SOAP and XML
Includes advanced testing utilities to expand custom security testing by combining the power of AppScan with Pyscan scripts for more powerful and more efficient manual testing
Generates advanced remediation capabilities including a comprehensive task list to ease vulnerability remediation
Simplifies security testing for non-security professionals by building scanning intelligence directly into the application
Features over 40 out-of-the-box compliance reports including PCI Data Security Standards, ISO 17799, ISO 27001, Basel II, SB 1386 and PABP (Payment Application Best Practices)
Simplified scan results through the new Results Expert wizard, further simplifying the process of interpreting scan results through scan-specific descriptions and straight forward explanations of each issue
Integrates with defect tracking systems, such as Rational Team Concert, Rational ClearQuest and HP Quality Center
