Security testing is a natural extension to build-acceptance tests. Before a build is released to the test team, development organizations can run static and dynamic tests against the build to identify and remediate known vulnerabilities. IBM Security AppScan Source includes options for automatically triggering static analysis of the source code with each build. Through their IDE plug-in, developers then access the results to view issues in their code—as well as detailed descriptions of risk and recommended remediation.
By automating attacks against the compiled application, dynamic testing from IBM Security AppScan Enterprise or IBM Security AppScan Standard provides powerful analysis of how the application withstands security attacks while providing the detailed vulnerabilities that should be addressed before releasing the build.
IBM Security AppScan software’s advanced security testing delivers:
- Coverage for top threats as ranked by the Open Web Application Security Project (OWASP) and Web Application Security Consortium (WASC)
- Advanced testing for Simple Object Access Protocol (SOAP) web services
- Innovative interactive application security testing (IAST) that combines DAST with an internal agent that monitors application behavior during a simulated attack, giving more accurate test results and identifying specific lines of code, details that help facilitate remediation