IBM Application security

Innovate with confidence

Few innovations have proven as flexible and valuable as web applications, but they can also be extremely vulnerable to malicious attacks. According to security reports from IBM X-Force® 2011 Mid-year Trend and Risk Report, 37 percent of all issues reported were related to web applications.

As more business is conducted online, the challenges for organizations to meet web application security and compliance standards are growing. Web applications are becoming more complex, too, making it more difficult to make them secure. As a result, innovation can be increasingly inhibited by security and compliance concerns.

IBM Software can help you deliver innovative, secure web applications with confidence – and help you lower costs. IBM solutions ensure that security is factored into the initial design and not bolted on after the fact. In fact, IBM provides one of the leading application security testing suites. It manages vulnerability testing throughout the software development life cycle.

IBM Software application security solutions provide you with:

• Static analysis security testing to identify vulnerabilities at the source
• Automated web application scanning and testing with intelligent fix recommendations
• Extended coverage through Glassbox analysis and JavaScript Security Analyzer
• Support for modernizing your legacy applications, including source code analysis of COBOL and SAP applications
• Automated correlation of static and dynamic analysis results (reporting hybrid analysis)

Real results

The General Services Administration (GSA) used IBM web application security software to rapidly analyze multi-million lines of code and delivered fast access to the latest vulnerability and remediation information to ensure an updated application was secure inside and out – before it was deployed.

A top five United States commercial bank is able to separate confirmed vulnerabilities from false positives and provide accurate, concise results that can be remediated rapidly.

Discover the IBM Software products that can help you secure your web applications as you build them and support innovation

Build in security and drive innovation

Ewa Hoyt, IBM Security Application and Compliance Marketing Manager

Patrick Vandenberg, IBM Security and Compliance Marketing Manager

According to IBM research, half of all cyber security vulnerabilities come from web applications. Fight back by making application security part of your development process. Reduce risk and costs, and keep your development teams productive to drive the innovation you need to compete and win.

Download the podcast (20:58 minutes, 12.0MB)

Download the transcript (PDF, 219KB)

Application security resources

• Secure by design e-Kit

  Learn how to build security into your systems.

• Security.Everywhere

  See how Rational enables your organization to consider security. Everywhere.

• Analyst report

  IBM X-Force 2011 mid-year trend and risk report.

Rational Policy Tester demo

• Watch the demo

  Ensure website user accessibility by monitoring for over 170 accessibility checks.

ROI calculator

Rational AppScan ROI calculator will estimate expected savings in time and cost.

Calculate your ROI

Try Rational AppScan

See how Rational AppScan can identify security vulnerabilities across your development lifecycle.

Download the trial

Security e-Kit

Resources to help you understand the importance of security and regulatory compliance for your website.

Register for the e-kit

Case study

• Technical Reference Story for SAP with IBM Rational AppScan (PDF, 747.19KB)
• West Virginia University cuts risks by an average of 60 percent

White paper

Motivations for software security: An executive overview

Read the white paper

Glass box testing: Thinking inside the box

Read the white paper

Related solutions

• IBM: Secure by design
• IT security
• IBM security services
• Security, risk and compliance management

Comprehensive application security solutions from IBM.

Provide preemptive protection to keep applications secure, protected from malicious use, and hardened against failure.

• 

  Rational AppScan family

  Comprehensive application vulnerability management across the application lifecycle

• 

  Rational Policy Tester family

  Automated online compliance solution to assess quality, privacy, and accessibility compliance issues across corporate web properties.

• 

  Tivoli Identity Manager

  Automates internal controls that govern your user access rights.

• 

  Tivoli Access Manager for Enterprise Single Sign-On

  Reduce costs and simplify access to applications with single sign-on

All products - Application and process

• IBM Security Key Lifecycle Manager for z/OS

• Lotus Protector for Mail Security  | Trials and demos

• Rational AppScan family - Overview
  • Enterprise Edition
  • Rational AppScan Source Edition
  • Standard Edition | Trials and demos
  • Tester Edition
  • Rational Virtual Forge CodeProfiler for AppScan Source Edition

• Tivoli Access Manager for Enterprise Single Sign-On

• Tivoli Data and Application Security  | Trials and demos

• Tivoli Federated Identity Manager
  • Federated Identity Manager
  • Business Gateway
  • for z/OS

• Tivoli Identity and Access Assurance

• Tivoli Identity and Access Manager

• Tivoli Security Policy Manager

• Tivoli Unified Single Sign-On

White paper

Close encounters of the third kind: Client-side JavaScript vulnerabilities

Read the white paper

Solution brief

Managing application security and regulatory compliance.

Read the brief

Interactive demo

See how building security into software applications early in the development lifecycle, lowers costs and increases protection.

Watch the demo

Security paper

IBM X-Force 2011 trend & risk report

Read the report

White paper

Addressing single sign-on inside, outside and between organizations.

Read the report