アプリケーションのぜい弱性を、ソースであるソフトウェア・コード内で特定
AppScan Source Edition は、ソース・コードを分析してセキュリティーのぜい弱性を特定すると同時に、セキュリティー・テストをソフトウェア開発のプロセスおよびシステムと統合します
AppScan Source Edition は、セキュリティー・テストをソフトウェア開発プロセスに統合すると同時に、セキュリティー・チームと開発チームがアプリケーション・セキュリティーを強化し、機密データを保護し、コンプライアンスを向上させるのに役立ちます。
- アプリケーション・ライフサイクルの初期段階に、ソース・コード内のセキュリティー上の欠陥に基づくデータ侵害リスクの根本原因を特定し修復します。
- 一貫性のあるポリシーを作成、配布、および適用し、中央集中化されたポリシーと評価のデータベースを使用して、企業全体にわたる測定基準とレポート作成を強化します。
- System z COBOL や SAP ABAP を含む広範な言語にわたる、幅広いポートフォリオの最大で最も複雑なアプリケーションに対応します。
- セキュリティー・ソース・コード分析をビルド・プロセス時の自動スキャンにシームレスに統合することにより、開発に自動化セキュリティーを組み込みます。
- セキュリティー・チームと開発チームとの間の情報の流れを自動化する、柔軟な優先度判定と修復の機能を提供することにより、チーム間のコラボレーションを促進します。
- セキュリティー要件を業務委託契約内に組み込み、Rational AppScan Source Edition を活用してその承諾基準が満たされていることを検証することにより、外部委託したアプリケーションを認定します。
- セキュリティー、開発、および修復の分野でのユーザーの特定のニーズに向けて設計されています。
- スキャン、優先度判定、セキュリティー・ポリシーの管理、およびぜい弱性検査の結果を修復に割り当てる作業の優先順位付けの機能をセキュリティー・チームに提供します
- 開発チーム用の開発者 IDE 内で、ぜい弱性を指摘し、迅速な修正のための正確で詳細な修復用のアドバイスを提供します。
- 開発チームがぜい弱性を確認して、適切なセキュリティー修正を適用できるようにすることで、修復を簡単にします。
- IDE とビルド自動化の両方からコード品質テストを組み込むことで、コーディング時にコード・レベルの品質欠陥を特定して、時間とコストの両方を節約します
製品について
ご購入 Rational AppScan Source Edition
初年度の IBM ソフトウェア・サブスクリプション & サポートは製品価格に含まれています。
ご購入には諸手続きが必要になりますので、弊社窓口までお問い合わせください。
Rational AppScan Source Edition is a static analysis security testing (SAST) solution that enables you to identify vulnerabilities within your source code, review data and call flows, and identify the threat exposure of each of your applications. Deployed throughout the software development lifecycle, Rational AppScan Source Edition software makes it easier for you to understand your threat exposure for audit and compliance purposes. Rational AppScan Source Edition software also helps facilitate a partnership between development and security teams by providing both groups with the information they need, when they need it.
Static application security testing (white box) that integrates with build automation to automatically scan source code with each build
IDE integrations that empower developers to scan their own code or simply access the results of other scans with remediation guidance that helps eliminate the security vulnerability
Integrates with AppScan Enterprise to add static analysis to the solution that integrates application security testing into the application lifecycle by driving governance and collaboration
Extensible Web application framework support that delivers unparalleled flexibility to support industry standard and custom application frameworks.
String Analysis, an IBM Research innovation, for automated identification of validation routines, which simplifies the user experience for developers.
Central repository for shared information, such as global security rules and filters
Vulnerability Matrix to instantly prioritize confirmed critical vulnerabilities with no false positives.
Automated project import facility that simplifies setup and configuration
Customizable report generator to help demonstrate compliance with industry regulations and best practices, including the OWASP Top 10 and PCI
Code quality testing from both IDE and build automation to identify code-level quality defects with key performance indicators that track code quality – as well as security
Cost-effective risk management from early identification and remediation of application vulnerabilities.
Industry-leading security knowledgebase helps ensure precise identification of vulnerabilities and remediation assistance.
With a few clicks, identify a confirmed vulnerability, add notes for the developer, and assign it through email or integration with your defect tracking system.
Reliably manage and measure risk across your portfolio of applications.
Reporting templates provide specific information to prove compliance with leading standards and regulations such as the OWASP Top 10 and the PCI Data Security Standard.
Seamlessly works within your chosen IDE, including Rational Application Developer, Eclipse, and Microsoft Visual Studio
Make enterprise-wide implementations practical and efficient with centralized “push-and-play” deployment
Click once to take you to the vulnerable line of code, straight from your IDE.
In-context remediation advice helps development organizations learn about the vulnerability and fix it, armed with advice from the industry’s most comprehensive software security knowledgebase with links to the Common Weakness Enumeration (CWE) community site
| Operating System | Software | Hardware |
|---|---|---|
| Microsoft Windows 7 Professional, Enterprise & Ultimate 32 and 64-bit (in 32-bit mode) Microsoft Windows XP Professional (SP2 and higher) Microsoft Windows Vista Business, Enterprise & Ultimate (SP1) 32 and 64-bit (in 32-bit mode) Microsoft Windows Server 2003 Enterprise (SP2, and higher) Microsoft Windows Server 2008 Enterprise RedHat Enterprise Linux 4.0 workstation & server RedHat Enterprise Linux 5.0, 6.0 (through Update 2) Workstation & Server 32 and 64-bit (in 32-bit mode) Solaris 9 (IBM Rational AppScan Source Edition for Automation only) Solaris 10 (IBM Rational AppScan Source Edition for Automation only) Microsoft Windows Server 2008 R2 Enterprise (in 32-bit mode) |
Project Files: Visual Studio 2005, Visual Studio 2008, Visual Studio 2010 (excluding C and C++), WebSphere Studio, Application Developer 5.1, Eclipse 3.1, 3.2, 3.3, 3.4, 3.5, 3.6 and 3.7, IBM Rational Application Developer V6.0, V7.0, V7.5, V8.0, V8.0.1, V8.0.2, and V8.0.3 Compilers: GNU compiler Collection (gcc), Visual Studio.NET (V7, Visual Studio .NET 2003 (V7.1), Visual Studio 2005 (V8) for Windows, Visual Studio 2008, Visual Studio 2010 (excluding C and C++), Sun Studio C and C++ Compilers for Linux and Solaris Language Support for Security Testing: Java™, ClientSide JavaScript, JSP, ColdFusion, C, C++, .NET (C#, ASP.NET, and VB.NET), Classic ASP, (JavaScript/VBScript), PHP, Perl, VisualBasic 6, PL/SQL, T-SQL, and COBOL Code Quality Scanning Support: Java, C/C++ (CLI only) on AppScan Source Edition supported Microsoft Window and Red Hat Enterprise Linux platforms lDEPlug-in support section: Eclipse versions 3.3, 3.4, 3.5, 3.6 and 3.7; IBM Rational Application Developer (RAD) V7.0, V7.5, V7.5.0.3, V8.0, V8.0.1, V8.0.2, and V8.0.3; Visual Studio 2005, Visual Studio 2008, and Visual Studio 2010 (excluding C and C++); RAD and Eclipse supports Java, Visual Studio supports C#, ASP.NET, and VB.NET Defect Tracking System support: IBM Rational ClearQuest® V7.0, V7.1.1, 7.1.2 and 8.0; HP Quality Center 9.2, 10.0, and 11.0; Rational Team Concert 2.0.0.2, 3.0 and 3.0.1; Microsoft Team Foundation Server 2008 and 2010 External Database Support: Oracle 10g and Oracle 11g License Server: Rational License Server Version 8.1.1 (if activating by floating license) |
Processor: Intel Pentium P4, 3.0 GHz or faster Memory: 2 GB RAM minimum Disk Space: 1.5 GB (2 GB required for installation) Network: 1 NIC 10 Mbps for network communication with configured TCP/IP (100 Mbps recommended) Drives: CD-ROM or DVD-ROM drive |
-
アプリケーション・セキュリティー
- Lotus Protector for Mail Security
- Rational AppScan Build Edition
- Rational AppScan Developer Edition
- Rational AppScan Enterprise Edition
- Rational AppScan Express Edition
- Rational AppScan OnDemand
- Rational AppScan Reporting Console
- Rational AppScan Standard Edition
- Rational AppScan Tester Edition
- Rational AppScan Source Edition
- Rational Virtual Forge CodeProfiler for AppScan Source Edition
- Tivoli Data and Application Security
- Tivoli Identity and Access Manager