Rational AppScan Enterprise Edition

Strategic web application security

• Provides visibility into the security and regulatory compliance risks web applications present to your organization.
• Allows for scaling of auditing activities and helps ensure web applications are tested.
• Enables your organization to engage and educate your development and quality assurance (QA) teams, and implement security controls throughout the software development lifecycle to mitigate risk and reduce cost.
• Uses a combination of testing techniques to provide thorough, automated assessments.
• Provides collaboration capabilities and tools suitable for each stakeholder.

Comprehensive application scanning

• Provides a scalable enterprise architecture that enables scanning of multiple applications simultaneously.
• Scans websites for both embedded malware and links to malicious or undesirable sites to help ensure your website is not infecting visitors or directing them to unwanted or dangerous sites without their knowledge.
• Correlates results discovered using dynamic and static analysis techniques.
• Tests web services.

Enterprise-level reporting

• Provides visibility into the security and compliance risk presented by the identified security issues.
• Shows progress through performance metrics and trending.
• Provides flexible, detailed security issues reports that enable users to group and organize their report data in multiple ways.
• Delivers more than 40 security compliance reports, including PCI Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), ISO 27001 and ISO 27002, HIPAA, GLBA, and Basel II.
• Helps enforce test policies and provide governance with role-based reporting access and scan permissions.

Remediation

• Delivers advisories, fix recommendations and built-in training videos to facilitate the process of remediation after security vulnerabilities have been identified and validated.
• Provides issue management capabilities and integration with defect tracking systems.