Wednesday, February 10, 2016

Capabilities of IBM App Scan as a Source code scanning tool

I like IBM App Scan as it offers a wide variety of options and is a flexible enterprise tool. The pricing of the IBM and HP tools is almost the same, and most IT shops will have to invest in such tools incrementally.

AppScan Enterprise Server provides:
  • Scalable, enterprise architecture
  • Intelligent fix recommendations to ease the process of remediation after vulnerabilities have been found
  • Ability to scan websites for both embedded malware and links to malicious or undesirable sites, to ensure your website is not infecting visitors or directing them to unwanted or dangerous sites without their knowledge
  • Continuous monitoring and aggregation of metrics to ensure remediation and trend improvement over time
  • Addition of a web services API enabling integration with IBM Rational Insight
  • Sophisticated dashboards and flexible reporting views to provide enterprise-wide visibility of risks and remediation progress. It offers the lowest false positive rate in the industry
  • Ability to test sequential business logic, such as opening a new account or making an online purchase
  • Over 40 out-of-the-box security compliance reports including PCI Data Security Standard, Payment Application Data Security (PA-DSS), ISO 27001 and ISO 27002, HIPAA, GLBA and Basel II
  • Role-based reporting access and scan permissions to help enforce test policies and to centralize vulnerability scanning
A security analyst using this tool will:
  • Audit a large number of applications and triage results
  • Communicate the identified issues to Development for remediation
  • Monitor a large number of applications on an ongoing basis
  • Create and communicate test policies to Development and QA teams
  • Present application security risk reports to management
A management/compliance officer using this tool will:
  • Assess the security risk to your organization that your web applications present
  • Identify the most problematic applications and take action
  • Identify the types of issues that are most prevalent to create appropriate education programs
  • Assess if the security of your web applications is improving
  • Identify compliance risk related to various industry guidelines