IBM Rational AppScan is a Web application security testing tool that automates vulnerability assessments.
IBM Rational AppScan is a family of web security testing and monitoring tools from the Rational Software division of IBM. AppScan is intended to test Web applications for security vulnerabilities during the development process, when it is least expensive to fix such problems. The product learns the behavior of each application, whether an off-the-shelf application or internally developed, and develops a program intended to test all of its functions for both common and application-specific vulnerabilities.
AppScan tests for common Web application vulnerabilities including Cross-Site Scripting, Buffer Overflow, flash/flex application and Web 2.0 exposure scans.
-
Supports the latest Web 2.0 technologies: Includes parsing and execution of JavaScript and Adobe® Flash applications, a deep understanding of AJAX and Adobe® Flex related protocols such as JSON, AMF and SOAP, comprehensive support for elaborate SOA environments, as well as custom configuration and reporting for Mashup and process-driven applications
-
NEW! Scans and detects embedded Malware in web properties providing further protection against cyber-attacks. Available as an AppScan eXtension
-
Customization and Extensibility Capabilities: AppScan eXtension Framework enables the user community to build and share open source add-ons
-
Simplified scan results with the Results Expert wizard: Provides advanced remediation recommendations necessary to fix issues uncovered during the scan
-
Automated Capabilities for Penetration Testers: Advanced testing utilities and the Pyscan framework complements manual testing, offering more power and efficiency
-
Regulatory Compliance Reporting: 40 out-of-the box compliance reports including PCI Data Security Standard, ISO 17799, HIPAA, ISO 27001 and Basel II
Editions
-
AppScan Standard Edition - Desktop software for automated Web application security testing environment for IT Security, auditors, and penetration testers
-
AppScan Tester Edition - An edition that integrates with IBM Rational Quality Manager to form a security testing QA environment
-
AppScan Build Edition - A version that embeds web application security testing into the build management workflow
-
AppScan Enterprise Edition - Client-server version used to scale security testing
-
AppScan OnDemand - Identifies and prioritizes Web Application Security vulnerabilities via SaaS Model
-
AppScan OnDemand Production Site Monitoring - Monitors production Web content and sites for security vulnerabilities via SaaS Model
-
AppScan Source Edition - Prevent data breaches by locating security flaws in the source code
-
AppScan Reporting Console - Reporting add-on
Check out IBM Security AppScan @ www.ibm.com
CORE Impact Professional is the most comprehensive software solution for assessing and testing security vulnerabilities throughout your organization.
HP WebInspect gives security professionals and security novices alike the power and knowledge to quickly identify and validate critical, high-risk security vulnerabilities.
Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits web applications by checking for hacking vulnerabilities.