IBM® Security AppScan® Enterprise enables organizations to mitigate application security risk, strengthen application security program management initiatives and achieve regulatory compliance. Security and development teams can collaborate, establish policies and scale testing throughout the application lifecycle. Enterprise dashboards classify and prioritize application assets based on business impact and identify high-risk areas, permitting you to maximize your remediation efforts. Performance metrics are provided that help you monitor the progress of your application security programs.
IBM Security AppScan Enterprise delivers:
- Scalable application security testing using a variety of testing techniques.
- Test policies, scan templates and vulnerability remediation advisories to help implement application security programs.
- Detailed security reports and enterprise level dashboards to provide visibility of risk and compliance.
Scalable application security testing
- Provides a scalable enterprise architecture that enables the engagement of a large number of application security testers. IBM Security AppScan Enterprise also supports IBM Worklight® project teams.
- Offers a variety of techniques for testing web, non-web and mobile applications and services, including dynamic, static and interactive analysis.
- Scans websites for links to malicious or undesirable websites based on the IBM X-Force® database.
- Integrates dynamic and static analysis techniques to identify vulnerabilities in client-side JavaScript.
- Aggregates and correlates dynamic and static analysis assessment results for enhanced reporting of vulnerabilities.
Test policies, scan templates and vulnerability remediation advisories
- Enable the definition of policies and scan templates to govern application security testing.
- Deliver vulnerability advisories, fix recommendations and built-in training videos to educate development teams.
- Provide built-in issue management capabilities and integration with development and quality assurance systems.
Detailed security reports and enterprise level dashboards
- Classify and prioritize application assets based on business impact and identify high-risk areas, permitting you to maximize your remediation efforts.
- Provide visibility into the security and compliance risks presented by the identified security vulnerabilities and show progress through performance metrics and trending.
- Provide flexible, detailed security issues reports that enable users to group and organize report data in multiple ways.
- Deliver more than 40 security compliance reports, including PCI Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), ISO 27001 and ISO 27002, HIPAA, Gramm–Leach–Bliley Act (GLBA) and Basel II.
- Integrates with IBM Security QRadar®, IBM Security Network Intrusion Prevention System and IBM mobile security solutions to provide additional intelligence for prioritizing vulnerabilities and mitigating risk.