Desktop solution that combines advanced web application security testing with broad technology coverage and ease of use
Identify and remediate web application vulnerabilities to reduce application risk
Rational AppScan Standard Edition software scans and tests for vulnerabilities and security defects with a desktop solution that delivers advanced web application security testing, broad coverage of the latest Web 2.0 technologies and ease of use for clients to get fast, reliable results.
- Enables comprehensive automated testing of Web applications for vulnerabilities with a combination of dynamic application security testing (DAST) and advanced hybrid technologies including static taint analysis of client-side JavaScript and new glass box testing for run-time analysis.
- Automates dynamic (black box) security testing for emerging Web vulnerabilities including Web Services, Web 2.0 and Rich Internet Applications (JavaScript, Ajax and Adobe Flash).
- Includes new glass box analysis for run-time analysis – a form of integrated application security testing (IAST) – that adds an internal agent to the application to monitor behavior during a dynamic scan and deliver new benefits such as: full coverage of OWASP Top 10 threats and line of code details for specific vulnerabilities to match proof of exploit with the precise defect that created the vulnerability.
- Analyzes the source code of dynamically generated client-side JavaScript with JavaScript Security Analyzer for advanced static (white box) analysis of client-side security issues, such as DOM-based cross site scripting and code injection.
- Enables clients to quickly and easily get results with work flows, configuration wizards and Scan Expert.
- Includes vulnerability descriptions and remediation guidance with every identified vulnerability to help security testers engage with developers and correct the underlying security defect.
- Scans Web sites for embedded malware and links to malicious or undesirable sites.
- Provides customization and extensibility with the AppScan eXtension Framework, which allows the user community to build and share open source add-ons.
- Includes regulatory compliance reporting templates with more than 40 out-of-the-box compliance reports including PCI Data Security Standard, Payment Applications Data Security (PA-DSS) (new), ISO 27001 and ISO 27002 (new) and Basel II.
IBM Software Subscription and Support is included in the product price for the first year.
Download software online after purchase - no shipping costs!
Features and Benefits
IT auditors and compliance officers are looking for a process to test Web application security controls so that their Web applications are not exposed to vulnerabilities that can be exploited by hackers. AppScan® Standard Edition automates vulnerability testing, so customers can integrate security testing into the Web application development process for new or existing applications.
IBM Rational AppScan Standard Edition is an industry-leading Web application security testing solution that includes: 1) dynamic analysis (black box testing) to test for all common web application vulnerabilities, 2) glass box testing for run-time analysis – a form of integrated application security testing (IAST), and 3) static analysis (white box testing) of JavaScript to identify client-side vulnerabilities.
- Identifies web application vulnerabilities including all relevant WASC TCv2 threat classes, such as SQL-Injection, Cross-Site Scripting and Buffer Overflows
- Includes new glass box analysis for run-time analysis that adds an internal agent to the application to monitor behavior during a dynamic scan and deliver new benefits such as: full coverage of OWASP Top 10 threats and line of code details for specific vulnerabilities to match proof of exploit with the precise defect that created the vulnerability
- Applies static taint analysis with JavaScript Security Analyzer to identify client-side security issues, such as DOM-based cross site scripting, code injection, Open Redirect, CSRF Bypass, Dual Session, Port Manipulation and Protocol Manipulation
- Provides broad application coverage for Web 2.0/Rich Internet Applications with support for AJAX, Adobe Flash/Flex, etc.
- Includes enhanced support for Web Services and Service Oriented Architecture including SOAP and XML
- Includes advanced testing utilities to expand custom security testing by combining the power of AppScan with Pyscan scripts for more powerful and more efficient manual testing
- Generates advanced remediation capabilities including a comprehensive task list to ease vulnerability remediation
- Simplifies security testing for non-security professionals by building scanning intelligence directly into the application
- Features over 40 out-of-the-box compliance reports including PCI Data Security Standards, ISO 17799, ISO 27001, Basel II, SB 1386 and PABP (Payment Application Best Practices)
- Simplified scan results through the new Results Expert wizard, further simplifying the process of interpreting scan results through scan-specific descriptions and straightforward explanations of each issue
- Integrates with defect tracking systems, such as Rational Team Concert, Rational ClearQuest and HP Quality Center