IBM Rational AppScan is a Web application security testing tool that automates vulnerability assessments.
IBM Rational AppScan is a family of web security testing and monitoring tools from the Rational Software division of IBM. AppScan is intended to test Web applications for security vulnerabilities during the development process, when it is least expensive to fix such problems. The product learns the behavior of each application, whether an off-the-shelf application or internally developed, and develops a program intended to test all of its functions for both common and application-specific vulnerabilities.
AppScan tests for common Web application vulnerabilities including Cross-Site Scripting, Buffer Overflow, flash/flex application and Web 2.0 exposure scans.
NEW! Scans and detects embedded Malware in web properties providing further protection against cyber-attacks. Available as an AppScan eXtension
Customization and Extensibility Capabilities: AppScan eXtension Framework enables the user community to build and share open source add-ons
Simplified scan results with the Results Expert wizard: Provides advanced remediation recommendations necessary to fix issues uncovered during the scan
Automated Capabilities for Penetration Testers: Advanced testing utilities and the Pyscan framework complements manual testing, offering more power and efficiency
Regulatory Compliance Reporting: 40 out-of-the box compliance reports including PCI Data Security Standard, ISO 17799, HIPAA, ISO 27001 and Basel II
AppScan Standard Edition - Desktop software for automated Web application security testing environment for IT Security, auditors, and penetration testers
AppScan Tester Edition - An edition that integrates with IBM Rational Quality Manager to form a security testing QA environment
AppScan Build Edition - A version that embeds web application security testing into the build management workflow
AppScan Enterprise Edition - Client-server version used to scale security testing
AppScan OnDemand - Identifies and prioritizes Web Application Security vulnerabilities via SaaS Model
AppScan OnDemand Production Site Monitoring - Monitors production Web content and sites for security vulnerabilities via SaaS Model
AppScan Source Edition - Prevent data breaches by locating security flaws in the source code
AppScan Reporting Console - Reporting add-on
Check out IBM Security AppScan @ www.ibm.com