Testing applications is always difficult. Time, forces, people that capable to do this, everything turns into tasks that need to be addressed. And especially testing on the vulnerability of hacker attacks, because not everyone knows what are the ways used by digital criminals. In order to solve this problem, IBM has created a Rational AppScan – a program that automatically scans the Web application for vulnerabilities and generates reports on the results of the tests.
How IBM AppScan works
IBM Rational AppScan use approach to the application as the “black box”. At first, AppScan examines the Web application and builds its own model of the site. On the basis of these results, it defines the vectors based on the selected testing policy. Then it starts to send a different HTTP requests that are appropriate for this policy, and analyzes HTTP responses.
What do we get as a result? A powerful and intuitive tool that can automatically scan and test Web applications on typical vulnerabilities, including services and javascript, correct them (including giving a list of actions to close the vulnerabilities detected, if this cannot be done automatically). IBM Rational AppScan is perfectly integrated with other testing tools, and can have a joint schedule with them and reporting. Just as it provides more than 40 pre-formatted reports for compliance with safety requirements.
A very important feature of IBM Rational AppScan is that it does not require a team of expensive security professionals because it provides a very detailed reports and instructions. For example, each vulnerability is equipped with an accessible description of how it works and why it is dangerous, including the help of videos. That is, to the educational component of the guys from IBM came up with all the responsibility.
Key benefits:
- Get a quick start by using a built-in Scan Configuration Wizard.
- Obtain a thorough security assessment of your web applications and web services.
- Learn about vulnerabilities and how to resolve them with comprehensive advisories and fix recommendations.
- Communicate vulnerabilities to development teams using detailed PDF reports.
- Determine areas of non-compliance to industry regulations.
Key capabilities:
- Automated Dynamic Application Security Testing (DAST) and Interactive Application
- Security Testing (IAST) of modern web applications and services.
- Comprehensive JavaScript execution engine supporting Web 2.0, JavaScript, and AJAX frameworks.
- SOAP and REST web services testing, covering XML and JSON infrastructure. Support for WS-Security standards, XML encryption, and XML signatures.
- Detailed vulnerability advisories and fix recommendations.
- Over 40 regulatory compliance reports, including Payment Card Industry Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), ISO 27001 and ISO 27002, and Basel II.
- Customization and extensibility with the IBM Security AppScan eXtensions Framework.
