Base system (platform): IBM Rational
Developer: HCL Technologies
System release date: December 2010
Technology: Cybersecurity (antivirus, antispam, authentication, firewall, data loss prevention), application development tools
2018: IBM sold AppScan
In the first half of 2019, HCL Technologies will become the full owner of the AppScan, BigFix, Unica, Commerce, Portal and Connections products, which are focused on the e-commerce and human resources markets.
2010: Extensions to the IBM Rational AppScan product portfolio
Software and analytics capabilities that help organizations design, build and manage secure applications with greater accuracy and efficiency. The solution consolidates software vulnerability detection and reporting into a single, comprehensive, enterprise-wide view. Developers can now assess security risks throughout the entire software development lifecycle, which allows globally distributed development teams to test applications and easily uncover security vulnerabilities and, as a result, to reduce the risks and costs associated with software security and regulatory compliance.
Organizations can therefore use the software to automate application security audits and source code review, in order to ensure that network and Web-centric applications meet security requirements. This provides more thorough checking of applications for security vulnerabilities and remediation of the errors found.
As of December 2010, IBM's software security offerings include extensions to the IBM Rational AppScan portfolio that further simplify analysis and detection of software vulnerabilities for developers. Among the new features, the IBM Research division contributed a string analysis technique, a capability that eases software security testing by automatically checking and determining which data inputs in Web applications need to be corrected to reduce or eliminate security risks. This capability helps improve the efficiency and accuracy of application security testing for the entire developer community, regardless of their level of expertise in software security.
According to the IBM X-Force Trend Report published in the middle of this year, Web applications account for 55% of all disclosed vulnerabilities, which makes this category of software the main source of risk for organizations. The report notes that IT security threats grew by 36% in the first half of 2010, as evidenced by more than 4000 new vulnerabilities disclosed in comparison with last year.
Simplifying end-to-end security for software applications
Web applications are often vulnerable because they lack built-in security. To reduce this risk, organizations need to implement a security strategy which guarantees that applications are developed with security requirements in mind throughout the entire development lifecycle, from beginning to end.
Capabilities for strengthening security
The extensions to the IBM Rational AppScan portfolio simplify and automate the scanning of programs for vulnerabilities and offer new hybrid analysis capabilities that improve the process of finding and eliminating threats. Hybrid analysis automatically correlates the results of static analysis of source code with the results of dynamic analysis, for more effective detection of vulnerabilities in automatically run applications.
Overall, the extensions to the IBM Rational AppScan product portfolio include:
- A consolidated view of vulnerabilities: the Hybrid Analysis Reporting Function automatically correlates the results of static code analysis and dynamic analysis, and increases the accuracy of the aggregated analysis results reported to developers for remediation. This transparency extends the capabilities of Rational AppScan Enterprise Edition and allows organizations to take a strategic approach to Web application security. In addition, development teams gain a comprehensive picture of the risks associated with compliance with security regulations. Automatic correlation of analysis results is initially implemented for the Java platform.
- Scanning with extended access that reveals areas previously hidden from testing: hybrid analysis scanning makes it possible to perform static analysis of the source code and dynamic analysis simultaneously during application testing, for more thorough vulnerability detection than was possible before. This functionality, implemented as an extension to Rational AppScan Standard Edition, supports JavaScript and provides access to scan regions that were previously hidden from testing.
- A simplified process for assessing security status: the string analysis method, a key extension to Rational AppScan Source Edition, is designed to promote the recognition and spread of advanced application security testing practices among the developer community. String analysis simplifies security testing by automatically checking and determining which areas of code that handle user data input in Web applications should be corrected to reduce or eliminate security risks. This ability to ease security assessment makes it possible to optimize source code testing and increase its accuracy, giving development teams the opportunity to deliver reliably protected applications under tight deadlines.
- Support for a variety of application frameworks: another innovation in the Rational AppScan Source Edition portfolio is the Extensible Application Framework, which extends the increased level of transparency and the data flow analysis capability to commercial, open source and in-house Web application frameworks. The ability to support any existing or custom-configured application framework is crucial for verifying code correctness and also for the "extent of compensation" indicator (the influence of errors and inaccuracies).

Along with these innovations, IBM also announced support for the CAC/PKI federal security standard in the software products of the IBM Rational portfolio. The CAC/PKI protocol extends the government's ability to prevent, on a global scale, unauthorized access to physical and digital media which could negatively affect the security of military and national initiatives. IBM provides a full range of services for the detailed design, development and deployment of application solutions for smart cards and biometric systems and of practical CAC/PKI implementations, as part of its efforts to support information security standards throughout the entire lifecycle of software application development and use.
IBM Security Solutions is an extensive portfolio of hardware, software products, professional services and managed services covering the full range of IT and business security risks, including people and their identity data, information, applications and processes, networks, servers and other logical and physical infrastructure. The IBM Security Solutions offerings give clients ample opportunities to innovate and to run business operations on reliably protected infrastructure platforms.