ARMONK, N.Y. -- IBM (NYSE: IBM) today introduced new software to help customers protect their business from today's most advanced and complex web application security attacks. The first release of IBM Rational AppScan, a market-leading web application security technology acquired by IBM from Watchfire in July 2007, is a key part of IBM's software portfolio that helps ensure high-quality applications are delivered to the marketplace.
Web applications are high-value targets for hackers, yet many organizations have a difficult time tackling security, due in part to a lack of application security knowledge and to the size and complexity of today's websites, which incorporate the latest Web 2.0 technology. Businesses need automated solutions capable of identifying these weaknesses and protecting applications from them. IBM Rational AppScan identifies, validates and reports on application security vulnerabilities, and this new version introduces new features and reporting methods for security auditors while enabling a broader pool of IT roles to participate in and drive critical web application security testing.
Traditionally, testers, developers, and IT professionals have lacked the specific security knowledge needed to run scans effectively. New capabilities in IBM Rational AppScan, such as Scan Expert and State Inducer, broaden the availability of this critical function so that IT personnel, software developers and testers can run successful scans, while new features also assist security professionals.
- Scan Expert packages the best practices of an expert such as
automatically profiling an application and providing the best test
configuration for a successful scan. This enables more successful scanning
for users with little IBM Rational AppScan or web application security
experience, while improving efficiency for more knowledgeable security
experts.
- Furthering its leadership in support of complex Web 2.0 technologies,
which already include Ajax and Flash, the new State Inducer feature
introduces accurate assessment of multi-step processes within applications.
These include adding to a shopping cart and checking out, filling in multiple
forms while applying for a loan, or booking an airline reservation. Until
now, users had to test each of these areas of the application manually.
With State Inducer, IBM Rational AppScan can learn these sequences and
assess them accurately for security issues, further automating and
simplifying the testing process and saving time.
- Cross-site request forgery is an attack in which a malicious Web site
causes a victim's browser to send a request to another site where the
victim is already logged in; because the browser attaches the victim's
session cookie automatically, the target site accepts the forged request
as legitimate and performs a state-changing action (such as a transfer or
a settings change) on the attacker's behalf. IBM Rational AppScan
identifies areas in a Web site where businesses would be susceptible to
cross-site request forgery.
"With IBM Rational AppScan, Standard Chartered Bank is educating its developers and IT staff on the importance of web application security incorporated throughout the development lifecycle," said John Meakin, group head of information security, Standard Chartered Bank. "IBM Rational AppScan lets us establish best practice in our coding and testing processes, thereby ensuring the security and compliance of our web applications. This is reducing costs, enhancing the security of our products, and improving our security testing productivity."
IBM Corp. (NYSE: IBM)