New IBM Security Scanning Software Protects Businesses from Hackers

Identifies, validates, and reports on application security vulnerabilities

• By James E. Powell
• 11/13/2007

IBM today announced a new software solution that helps customers protect their business from advanced and complex Web application security attacks. Available November 19, IBM Rational AppScan uses technology acquired by IBM from Watchfire earlier this year.

Web applications are high value targets for hackers, but many organizations lack the application security knowledge to prevent problems. Further compounding the problem are the size and complexity of Web sites using Web 2.0 technology. IBM Rational AppScan identifies, validates, and reports on application security vulnerabilities. It incorporates features and reporting methods for security auditors while allowing others within IT to test the security of their Web applications.

IBM Rational AppScan features, including Scan Expert and State Inducer, help IT personnel, software developers, and testers run scans. Other features include:

• Scan Expert: a collection of best practices, such as automatically profiling an application and suggesting the best test configuration for a successful scan %%A State Inducer feature provides accurate assessment of multi-step processes within applications, including adding to a shopping cart and checking out and filling multiple forms while applying for a loan

• Areas for potential cross-site request forgeries are identified IBM Rational AppScan also includes educational material to help users build more secure applications; recorded web-based training (WBT) advisories are directly incorporated into the solution.

More information about IBM Rational AppScan can be found at http://www.ibm.com/software/rational/