Rational Web application security solutions

IBM Rational Web application security software helps IT and security professionals protect against the threat of attacks and data breaches. If you use applications to collect or exchange sensitive or personal data, your job as a security professional is harder now than ever before. Involving quality assurance and development in the security testing process results in higher-quality, more secure applications at a reasonable cost.

Rational offers a combination of static and dynamic Web application security testing solutions designed to provide the most comprehensive approach for assessing vulnerabilities in networked applications and critical Web sites. IBM Rational AppScan® can be used for Web application vulnerability scanning in all stages of development and by testers with or without security expertise.

Rational AppScan products provide:

  • Static analysis security testing to identify vulnerabilities at the source
  • Automated Web application scanning and testing for all common Web application vulnerabilities, including those in the WASC threat classification (such as SQL injection, cross-site scripting, and buffer overflow), with intelligent fix recommendations to ease remediation
  • Detection of malware embedded in Web sites
  • Broad application coverage, including integrated Web services scanning, JavaScript execution (including Ajax), and parsing
  • Advanced remediation capabilities, including a comprehensive task list necessary to fix issues uncovered during the scan
  • Over 40 standard security compliance reports, including PCI Data Security Standard, ISO 17799 and ISO 27001, HIPAA, GLBA, and Basel II

Web application security products

Software trial

Try Rational AppScan for 30 days at no charge

Analyst report

A hands-on review of Rational AppScan from EMA

IBM Redbooks

Improve your Web application security with Rational AppScan