IBM® Security AppScan® Source helps organizations lower costs and reduce risk exposure by identifying web-based and mobile application source code vulnerabilities early in the software development lifecycle, so they can be fixed before deployment.

IBM Security AppScan Source integrates application security testing into your software development lifecycle. It offers enhanced mobile application scanning capabilities and supports testing for mobile web, native and hybrid applications, with support for JavaScript, HTML5, Cordova, Java and Objective-C. IBM Security AppScan Source also provides integration with IBM Worklight® Studio and the ability to scan Worklight applications.

IBM Security AppScan Source can enable:

  • Stronger and more cost-effective software security through source code analysis.
  • Improved intelligence through integration with existing tools and processes such as application development, build integration and security monitoring.
  • Security best practices through centralized management and enforcement of security policies.
  • Reporting, governance and compliance capabilities that facilitate communication of security status and issues.

Stronger and more cost-effective software security

  • Identifies security vulnerabilities and defects in source code during the early stages of the application lifecycle when they are inexpensive to remediate.
  • Builds automated security into development by integrating security source code analysis with automated scanning during the build process.
  • Scans, triages and manages security policies; prioritizes assignment of results to security teams for vulnerability remediation.
  • Delivers fast scans of more than one million lines of code per hour; scans even the most complex enterprise applications.
  • Extends security analysis to Android and Apple iOS mobile applications.

Improved intelligence through integration

  • Integrates with defect tracking systems (DTS), software configuration management and build management tools.
  • Provides increased security intelligence through correlation of static analysis results with dynamic analysis results.
  • Accommodates a broad portfolio of large and complex applications across a wide range of languages.
  • Is built on open architecture to protect your existing investments.

Security best practices

  • Define and enforce consistent policies that can be used throughout the enterprise.
  • Enable enterprise-wide metrics and reporting with a centralized policy and assessment database.
  • Provide audit and compliance reports that make it easier to understand application-related threat exposures at the executive level.

Reporting, governance and compliance capabilities

  • Provide visibility into security and compliance risks presented by the identified security issues.
  • Deliver more than 40 security compliance reports, including PCI Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), ISO 27001 and ISO 27002, HIPAA, Gramm–Leach–Bliley Act (GLBA) and Basel II.
  • Focus on mobile application security, including an Open Web Application Security Project (OWASP) Top 10 Mobile Risks report.
  • Support creation of customized reports to align with your organization’s security best practices.