
AppScan Enterprise

About AppScan Enterprise

IBM's AppScan Enterprise is software used by web developers, content managers, database administrators and system administrators to check web applications for security vulnerabilities. This software can be used in test, development, and QA instances to find all linked pages and to check sites for vulnerabilities such as SQL injection, cross-site scripting, and other common web vulnerabilities.

It has the following capabilities:


- Provides Management with visibility of the security and regulatory compliance risk their Web applications present to their organization
- Enables Information Security to scale their auditing activities and ensure that no Web applications are untested
- Enables organizations to engage and educate their Development and QA teams, and implement security controls throughout the SDLC to mitigate risk and reduce cost
- Utilizes a combination of testing techniques to provide as thorough an automated assessment as possible
- Provides collaboration capabilities and tools suitable for each stakeholder involved: Information Security, Development, QA and Management
- Integrates with SDLC workflows and software systems

Under the hyperlink

Key features:
- Scalable, enterprise architecture that enables scanning of multiple applications simultaneously
- Correlation of results discovered using dynamic and static analysis techniques
- Ability to scan Web sites for both embedded malware and links to malicious or undesirable sites to ensure your Web site is not infecting visitors or directing them to unwanted or dangerous sites without their knowledge
- Ability to test Web services
- Advisories, fix recommendations and built-in training videos to facilitate the process of remediation once security vulnerabilities have been identified and validated
- Issue management capabilities and integration with Defect Tracking Systems
- Enterprise-level reporting which provides visibility of the security and compliance risk the identified security issues present
- Performance metrics and trending that give Management a sense of the progress being made
- Flexible detailed security issues reports that enable users to group and organize their report data in multiple ways
- Over 40 out-of-the-box security compliance reports including PCI Data Security Standard, Payment Application Data Security (PA-DSS) (new), ISO 27001 and ISO 27002, HIPAA, GLBA and Basel II
- Role-based reporting access and scan permissions to help enforce test policies and provide governance
