IBM® Security AppScan® Standard helps organizations decrease the likelihood of web application attacks and costly data breaches by automating application security vulnerability testing. IBM Security AppScan Standard can be used to reduce risk by permitting you to test applications prior to deployment and for ongoing risk assessment in production environments.

IBM Security AppScan Standard supports:

  • Broad coverage to scan and test for a wide range of application security vulnerabilities.
  • Accurate scanning and advanced testing that delivers high levels of accuracy.
  • Quick remediation with prioritized results and fix recommendations.
  • Enhanced insight and compliance that helps manage compliance and provides awareness of key issues.

Broad coverage

  • Automated dynamic—known as black box—security testing for emerging web vulnerabilities including web services, Web 2.0 and rich Internet applications such as JavaScript, Ajax and Adobe Flash.
  • JavaScript Security Analyzer for advanced static—known as white box— analysis of client-side security issues, such as DOM-based, cross-site scripting and code injection.
  • Enhanced support for web services and service-oriented architecture (SOA) including SOAP and XML.
  • Customization and extensibility with the IBM Security AppScan eXtensions Framework, which allows the user community to build and share open source add-ons.

Accurate scanning and advanced testing

  • Scans websites for embedded malware that links to malicious or undesirable sites.
  • Performs comparisons with an IBM X-Force® maintained database.
  • Simplifies the process of interpreting scan results with scan-specific descriptions and explanations of each issue.
  • Offers an adaptive test process that intelligently mimics human logic. It learns the application, down to the level of each specific parameter and adjusts to perform only relevant tests.
  • Provides tools for manual testers, including advanced utilities for custom security testing using Pyscan scripts.

Quick remediation

  • Provides streamlined remediation that fixes high-priority problems first.
  • Offers explicit remediation steps with code examples to implement fixes quickly.
  • Provides advanced remediation capabilities, including a helpful task list.
  • Integrates with defect tracking systems such as IBM Rational® ClearQuest® and HP Quality Center.

Enhanced insight and compliance

  • Includes regulatory compliance reporting templates with over 40 ready-to-use compliance reports, including Payment Card Industry Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), ISO 27001 and ISO 27002 and Basel II.
  • Helps meet key compliance standards such as PCI DSS by supporting application security testing on an ongoing basis.
  • Integrates with IBM Security AppScan Reporting Console for enterprise-wide visibility into risks and continuous updates on remediation progress.