Rational AppScan Source Edition is a static analysis security testing (SAST) solution that enables you to identify vulnerabilities within your source code, review data and call flows, and identify the threat exposure of each of your applications. Deployed throughout the software development lifecycle, Rational AppScan Source Edition software makes it easier for you to understand your threat exposure for audit and compliance purposes. Rational AppScan Source Edition software also helps facilitate a partnership between development and security teams by providing both groups with the information they need, when they need it.
Features:
Static application security testing (white box) that integrates with build automation to automatically scan source code with each build
IDE integrations that empower developers to scan their own code or simply access the results of other scans with remediation guidance that helps eliminate the security vulnerability
Integrates with AppScan Enterprise to add static analysis to the solution that integrates application security testing into the application lifecycle by driving governance and collaboration
Extensible Web application framework support that delivers unparalleled flexibility to support industry standard and custom application frameworks.
String Analysis, an IBM Research innovation, for automated identification of validation routines, which simplifies the user experience for developers.
Central repository for shared information, such as global security rules and filters
Vulnerability Matrix to instantly prioritize confirmed critical vulnerabilities with no false positives.
Automated project import facility that simplifies setup and configuration
Customizable report generator to help demonstrate compliance with industry regulations and best practices, including the OWASP Top 10 and PCI
Code quality testing from both IDE and build automation to identify code-level quality defects with key performance indicators that track code quality – as well as security
Benefits:
Cost-effective risk management from early identification and remediation of application vulnerabilities.
Industry-leading security knowledgebase helps ensure precise identification of vulnerabilities and remediation assistance.
With a few clicks, identify a confirmed vulnerability, add notes for the developer, and assign it through email or integration with your defect tracking system.
Reliably manage and measure risk across your portfolio of applications.
Reporting templates provide specific information to prove compliance with leading standards and regulations such as the OWASP Top 10 and the PCI Data Security Standard.
Seamlessly works within your chosen IDE, including Rational Application Developer, Eclipse, and Microsoft Visual Studio
Make enterprise-wide implementations practical and efficient with centralized “push-and-play” deployment
Click once to take you to the vulnerable line of code, straight from your IDE.
In-context remediation advice helps development organizations learn about the vulnerability and fix it, armed with advice from the industry’s most comprehensive software security knowledgebase with links to the Common Weakness Enumeration (CWE) community site
