IBM Security AppScan

The IBM Security AppScan portfolio includes solutions specifically designed for non-security experts to execute automated test scripts configured by the security team to identify common vulnerabilities, such as SQL injection and cross-site scripting (XSS). By enabling developers and quality assurance professionals to address application security as part of their normal processes, security teams can dedicate their efforts to the more advanced testing to identify sophisticated threats like client-side JavaScript vulnerabilities.

Security testing is a natural extension to build-acceptance tests. Before a build is released to the test team, development organizations can run static and dynamic tests against the build to identify and remediate known vulnerabilities. IBM Security AppScan Source includes options for automatically triggering static analysis of the source code with each build. Through their IDE plug-in, developers then access the results to view issues in their code—as well as detailed descriptions of risk and recommended remediation. By automating attacks against the compiled application, dynamic testing from IBM Security AppScan Enterprise or IBM Security AppScan Standard provides powerful analysis of how the application withstands security attacks while providing the detailed vulnerabilities that should be addressed before releasing the build.

IBM Security AppScan software’s advanced security testing delivers:

    • Scanning of rich Internet applications that use Adobe Flash, JavaScript, Ajax and more
    • Coverage for top threats as ranked by the Open Web Application Security Project (OWASP) and Web Application Security Consortium (WASC)
    • Advanced testing for Simple Object Access Protocol (SOAP) web services
    • Static taint analysis of client-side JavaScript
    • Innovative interactive application security testing (IAST) that combines DAST with an internal agent that monitors application behavior during a simulated attack to provide more accurate test results and identify specific lines of code, providing details that help facilitate remediation