SlideShare uma empresa Scribd logo

Ibm rational app scan managing application security and regulatory compliance

A
Arun Gopinath
Tecnologia
1 de 8
Baixar para ler offline
IBM Software Rational Security IBM Rational AppScan: Managing application security and regulatory compliance Identify, prioritize, track and remediate critical security vulnerabilities throughout the application life cycle
2 IBM Rational AppScan: Managing application security and regulatory compliance Comprehensive application vulnerability The IBM Rational AppScan software product suite includes: management Licensed offerings Many organizations depend on web-based software to run ● IBM Rational AppScan Express Edition their business processes, conduct transactions and deliver ● IBM Rational AppScan Standard Edition increasingly sophisticated services to customers. Every applica- ● IBM Rational AppScan Source Edition tion destined for online deployment should address security ● IBM Rational AppScan Build Edition issues as an integral part of the software delivery process. ● IBM Rational AppScan Tester Edition Unfortunately, in the race to meet deadlines and stay ahead of ● IBM Rational AppScan Reporting Console the competition, many businesses fail to perform adequate ● IBM Rational AppScan Enterprise Edition security testing, and the resulting vulnerabilities provide ample opportunity for hackers to access or steal corporate or per- SaaS offerings sonal data—placing the entire business at risk. ● IBM Rational AppScan OnDemand ● IBM Rational AppScan OnDemand Premium The most efficient way to stay ahead of application security ● IBM Rational AppScan OnDemand Production Site vulnerabilities is to build software securely, from the ground Monitoring up. The challenge is that the majority of developers are not ● IBM Rational AppScan OnDemand Source Code Analysis security experts, and secure coding is historically not identified as a priority relative to delivering functionality on time and on Training and service options budget. As a result, web-based and non-web based applications ● IBM Rational web-based training for AppScan alike continue to be deployed riddled with vulnerabilities ● IBM Rational Professional Services ready for exploitation, easily risking sensitive data to a breach. Each of these solutions provides scanning, reporting and fix The onerous task of vulnerability identification and remedia- recommendation functionality, and each is designed for a vari- tion cannot be successfully addressed by limited IT security ety of users, including information security managers, penetra- resources. So the best way to engage development in the tion testers, security auditors, application developers, build process of application security is to provide them with tools managers, and quality assurance (QA) teams. that fit into their existing environment and workflow, and that generate results in a language they understand. The Protect critical web-based business assets IBM® Rational® AppScan® software portfolio enables organ- Offering comprehensive security capabilities for complex web izations to embed application security testing throughout the applications, the Rational AppScan software suite scans and development life cycle to help increase visibility and control tests for common web application vulnerabilities, including while employing a risk mitigation strategy. those identified by the Web Application Security Consortium (WASC) threat classification. Rational AppScan solutions From requirements, through design and code, security testing, share an extensive range of powerful, flexible core features to and into production, Rational AppScan software helps to provide robust application scanning coverage for the latest ensure that critical security vulnerabilities are identified, prior- Web 2.0 technologies, including enhanced support for itized, tracked, and remediated across the application life Adobe® Flash technology and advanced JavaScript frame- cycle. In short, Rational AppScan software helps you to design works, coupled with comprehensive support for AJAX-based security into your application infrastructure. applications.
IBM Software 3 IBM Rational AppScan core features Feature Benefits Scanning efficiency and ● The user interface provides a view selector for the application tree, along with hierarchical security issues results ease of use lists, developer remediation views and details panes. ● An adaptive test process helps users to analyze application parameters and select only relevant tests that do not impede the development process. ● Complex authentication support allows testing for multistep authentication procedures. ● Advanced session management performs automatic re-logins when required. ● Real-time results views help users to act on issues before a scan is complete. ● Prebuilt pattern search rules facilitate security testing around credit card, social security or other numerical sequences. Customization and control ● Rational AppScan eXtensions Framework technology helps users create, share and load powerful add-ons that extend testing capabilities. ● Pyscan, which couples Rational AppScan software with the capabilities of Python scripts, lets users leverage scanning capabilities without the limitations of a user interface. ● Rational AppScan software development kit (SDK) helps users invoke actions, from executing a long scan to sub- mitting a custom test. The SDK interfaces are designed to ease integrations and support customized use of the scan engine, along with Rational AppScan eXtensions Framework and Pyscan options. Vulnerability detection ● Coverage for global validation analyzes test responses for inadvertently triggered issues, Secure Sockets Layer (SSL) certificate testing and cross-site request forgery (CSRF) testing. ● Hacker simulations aid in the search for current, known vulnerabilities. ● Notifications on the latest threats are delivered automatically when users launch a Rational AppScan application. ● A bundled utility suite helps penetration testers and security consultants develop, test and debug web applications. ● Security testing coverage for web services. “ We turned to IBM Rational because they offered both the technology leadership and the deep security expertise required to help us implement an analysis strategy that could be embedded in our existing development process. By doing so we have been able to vastly improve the security of our software while reducing costs by finding vulnerabilities earlier where they are less costly to repair.” —Marek Hlávka, Chief Security Officer, Skoda Auto
4 IBM Rational AppScan: Managing application security and regulatory compliance IBM Rational AppScan Express Edition Conduct security audits and production monitoring IBM Rational AppScan Standard Edition Automating web application testing processes to help security Gain robust web application security features auditors and penetration testers quickly and efficiently do Organizations with small or limited application development their jobs requires sophisticated and intelligent scanning teams also need to consider security testing as part of the technologies. Rational AppScan Standard Edition software development life cycle. Yet these organizations often have to includes features designed to support moderate and sacrifice functionality for affordability. Rational AppScan power users. Express Edition software meets the requirements of mid-size organizations by delivering the uncompromising security test- ing functionality at an attractive price point. Designed for ease Rational AppScan Express Edition and Standard Edition of deployment, Rational AppScan Express Edition software software features can help lower the time and costs associated with manual vul- ● JavaScript Analyzer: Leveraging dynamic and static nerability testing, allowing your teams to focus on other IT analysis to help deliver scanning hybrid analysis and and security-related needs within your organization. identify previously unknown vulnerabilities. ● Scan expert: A wizard tool that offers guidance for scan creation and set-up based on best practices, including the use of additional tools. Users can authorize a pre-scan that profiles the target application and recom- mends actions required for a successful scan. ● State inducer: Scans and tests complex business processes (such as multistep online shopping carts and order tracking) and maintains parameter values and cookies throughout. ● Predefined scan templates: Helps users to quickly choose and launch configuration options. ● Rapid scan configuration wizard: Guides users through important settings as well as conditional steps for proxy/platform authentication and in-session detection information. ● New request/response tabs: Offer syntax highlighting, request/response, collapse/expand, as-you-type search and additional right-click options. ● Microsoft® Word template-based reporting. ● Embedded web-based training modules: Help explain issues and demonstrate exploits. ● Automated web services assessments: Help locate Figure 1: Rational AppScan Standard software helps you identify vulnera- application-layer vulnerabilities, SOAP and XML parser bilities in your website before the hackers do. vulnerabilities and web services infrastructure vulnerabilities.
IBM Software 5 IBM Rational AppScan Build Edition Tester and Edition software, Rational AppScan Reporting Automate security testing Console software is backed by an enterprise-class database Rational AppScan Build Edition software supports automated that allows you to consolidate scan results from multiple security testing at the build stage of the software development Rational AppScan Express and Standard clients to create a life cycle. By integrating with multiple build management centralized application vulnerability repository. Scan results systems, such as IBM Rational Build Forge® software, it can be easily distributed to QA and development teams with- provides security testing coverage for scheduled builds. It also out having to install additional desktop licenses, helping to routes the results back to development though defect-tracking simplify the remediation process and integrate vulnerability solutions such as IBM Rational ClearQuest® software, or analysis across the software development life cycle. Rational through security reporting solutions such as Rational AppScan AppScan Reporting Console software allows you to create Enterprise Edition software or Rational AppScan Reporting multiple dashboards for multiple users, giving individuals the Console software. ability to segment security data by application, business unit, geography or third-party provider. Rational AppScan Build Edition software includes the same set of analysis techniques as the Rational AppScan Developer Edition software, providing a high level of accuracy plus code Rational AppScan Reporting Console software features coverage that helps you identify which code has been tested. In addition to the convenience and extensibility of central- ized administration, Rational AppScan Reporting Console IBM Rational AppScan Tester Edition Make security testing part of your quality management software features include: program ● A central data repository: Automatically stores and Rational AppScan Tester Edition software, available as a desk- aggregates static and dynamic analysis test results for top application, offers capabilities to help QA teams integrate enterprise-wide access and multiple views. security testing into existing quality management processes, ● Automated correlation of analysis test results: Static and thereby easing the burden on security professionals. dynamic (hybrid analysis). ● A web-based reporting console: Provides role-based Because Rational AppScan Tester Edition software integrates access to security reports and facilitates communication with leading testing systems, QA professionals can use its across the organization. ● Executive dashboards and delta analysis reports: functionality in test scripts and can conduct security checks Highlight changes from one scan to the next, including within their familiar testing environments, facilitating the fixed, pending and new security issues. adoption of security testing along with functional and per- ● Centralized controls: Monitoring and control web applica- formance testing. tion vulnerability testing across the organization. IBM Rational AppScan Reporting Console Access centralized reporting on web application vulnerability data IBM Rational AppScan Reporting Console software is a pow- erful web-based management and reporting application. Fully integrated with Rational AppScan Express, Standard, Source,
6 IBM Rational AppScan: Managing application security and regulatory compliance IBM Rational AppScan Source Edition Embed security testing seamlessly into your development Rational AppScan Source Edition software features environment The most efficient way to stay ahead of application security ● Address the root cause of data breach risk through vulnerabilities is to build software securely from the ground the identification and remediation of security defects in the source at the early stages of the application life cycle. up. The challenge is that most developers are not security ● Create, distribute and enforce consistent policies and experts, and writing security-rich code is not always their top empower enterprise-wide metrics and reporting with a priority. So the best way to engage development in the process centralized policy and assessment database. of application security is to provide them with tools that work ● Accommodate a broad portfolio of large and complex in their environment and that generate results in languages applications across a wide range of languages. they understand. ● Build automated security into development by seamlessly integrating security source code analysis with automated Rational AppScan Source Edition software is designed to help scanning during the build process. developers and build managers invoke application security ● Facilitate collaboration between security and develop- testing from within their development or build environment. ment by offering flexible triage and remediation that It helps the development organization to address the volume automates flow of information between these teams. ● Provide a method to certify outsourced applications by of security issues that can be introduced in code, streamlining building security requirements into outsourcing contracts the development life-cycle workflow and helping to reduce and leveraging Rational AppScan Source Edition software costly security testing bottlenecks that can occur at the end of to manage acceptance criteria. the release cycle. ● Provide options for security, development and remediation types of users. ● Allow security teams to scan, triage, manage security policies and prioritize the assigning of results for vulnerability remediation. ● Help development teams to pinpoint vulnerabilities and provide precise, detailed remediation advice for rapid fixes, all within the developer IDE. Figure 2: Rational AppScan Source Edition software provides a work- bench to configure applications and projects, scan code, analyze, triage, and take action on priority vulnerabilities. You can also publish assess- ments to Rational AppScan Enterprise Edition software for correlation.
IBM Software 7 IBM Rational AppScan Enterprise Edition Scale application security testing across the enterprise Rational AppScan Enterprise Edition software features With its web-based architecture, Rational AppScan Enterprise ● A web-based console that provides role-based user Edition software is designed to help organizations distribute access to security reports, tracking and trending responsibility for security testing and provide visibility and over time, which facilitates communication across the access to multiple stakeholders. Scalability and centralized organization. control facilitate the necessary governance, collaboration, and ● Executive dashboards and delta analysis reports that risk management capabilities to effectively manage security highlight changes from one scan to the next, including testing across the enterprise. AppScan Enterprise Edition fixed, pending and new security issues. helps ensure timely communication and coordination across ● Centralized controls for monitoring and controlling web multiple teams as results are prioritized, tracked, and remedi- application vulnerability testing across the organization. ated. It provides regulatory compliance reports and an overall compliance view, while management views offer real-time graphical dashboards and trending of the organization’s secu- rity posture. Enterprise Edition is also available as a SaaS IBM Rational AppScan OnDemand Leverage IBM security expertise and proven processes in offering, allowing you to leverage Rational’s expertise and an outsourced, turnkey SaaS model proven processes, easily scale and add users as needed, and By accessing Rational AppScan software capabilities as a gain better control of costs. managed service, you can take advantage of product benefits without the costs of adding staff or hardware. Rational AppScan Enterprise Edition software features In addition to the convenience and extensibility of central- Rational AppScan software features as a managed ized administration, Rational AppScan Enterprise Edition service software features include: ● A state-of-the-art security testing environment. ● The ability to distribute security testing to multiple teams ● A focus on protecting your operating environment: these to ease the testing burden on the security organization, services are built with sophisticated security tools and and to scan and test hundreds of applications simultane- techniques. ously and retest them frequently, following changes. ● Dedicated security and compliance assistance from ● A QuickScan testing tool to execute administrator- IBM professionals defined scan templates for developers and other non- ● Rational AppScan Standard Edition software or Rational security professionals, without desktop installation or AppScan Enterprise Edition software SaaS customers can configuration. engage an IBM security analyst to help: ● A central data repository that automatically stores and aggregates static and dynamic analysis test results to — Configure and tune scans to potentially ensure com- enable multiple views and enterprise-wide access. prehensive coverage for each application. ● Automated correlation of static and dynamic analysis test — Review and analyze results to help eliminate false results (hybrid analysis) for more precise results and the positives, identify patterns, prioritize issues and high- ability to pinpoint issues to individual lines of code to light remediation tasks. speed remediation tasks. — Track remediation progress by maintaining trend data, tracking resolution from scan to scan, and reporting on remediation effectiveness.
For more information To learn more about IBM Rational AppScan products, contact your IBM representative or IBM Business Partner, or visit: ibm.com/software/rational/offerings/testing/ webapplicationsecurity © Copyright IBM Corporation 2010 Web-based training IBM Corporation Software Group IBM offers web-based application security training, delivered Route 100 online and in 15-minute intervals. In addition to basic product Somers, NY 10589 instruction, the training service provides targeted advice for U.S.A. developers, QA teams and security professionals. Produced in the United States of America December 2010 All Rights Reserved Additionally, financing solutions from IBM Global Financing can enable effective cash management, protection from tech- IBM, the IBM logo, ibm.com and Rational are trademarks or registered nology obsolescence, improved total cost of ownership and trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked return on investment. Also, our Global Asset Recovery terms are marked on their first occurrence in this information with a Services help address environmental concerns with new, trademark symbol (® or ™), these symbols indicate U.S. registered or more energy-efficient solutions. For more information on common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law IBM Global Financing, visit: ibm.com/financing trademarks in other countries. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml Adobe and PostScript are registered trademarks of Adobe Systems Incorporated in the United States, and/or other countries. Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Microsoft is a trademark of Microsoft Corporation in the United States, other countries, or both. Other company, product and service names may be trademarks or service marks of others. References in this publication to IBM products and services do not imply that IBM intends to make them available in all countries in which IBM operates. The information contained in this document is provided for informational purposes only and provided “as is” without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. Without limiting the foregoing, all statements regarding IBM future direction or intent are subject to change or withdrawal without notice and represent goals and objectives only. IBM customers are responsible for ensuring their own compliance with legal requirements. It is the customer’s sole responsibility to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. Please Recycle RAB14001-USEN-03

Recomendados

Ibm app security assessment_ds
Ibm app security assessment_dsIbm app security assessment_ds
Ibm app security assessment_dsArun Gopinath
 
Securing virtualization in real world environments
Securing virtualization in real world environmentsSecuring virtualization in real world environments
Securing virtualization in real world environmentsArun Gopinath
 
Cloud computing white paper who do you trust
Cloud computing white paper who do you trustCloud computing white paper who do you trust
Cloud computing white paper who do you trustArun Gopinath
 
Secure by design building id based security
Secure by design building id based securitySecure by design building id based security
Secure by design building id based securityArun Gopinath
 
Rewriting the rules of patch management
Rewriting the rules of patch managementRewriting the rules of patch management
Rewriting the rules of patch managementArun Gopinath
 
Centralizing security on the mainframe
Centralizing security on the mainframeCentralizing security on the mainframe
Centralizing security on the mainframeArun Gopinath
 
Strategies for assessing cloud security
Strategies for assessing cloud securityStrategies for assessing cloud security
Strategies for assessing cloud securityArun Gopinath
 
Realizing business value with iam
Realizing business value with iamRealizing business value with iam
Realizing business value with iamArun Gopinath
 

Recomendados

Ibm app security assessment_ds
Ibm app security assessment_dsIbm app security assessment_ds
Ibm app security assessment_dsArun Gopinath
 
Securing virtualization in real world environments
Securing virtualization in real world environmentsSecuring virtualization in real world environments
Securing virtualization in real world environmentsArun Gopinath
 
Cloud computing white paper who do you trust
Cloud computing white paper who do you trustCloud computing white paper who do you trust
Cloud computing white paper who do you trustArun Gopinath
 
Secure by design building id based security
Secure by design building id based securitySecure by design building id based security
Secure by design building id based securityArun Gopinath
 
Rewriting the rules of patch management
Rewriting the rules of patch managementRewriting the rules of patch management
Rewriting the rules of patch managementArun Gopinath
 
Centralizing security on the mainframe
Centralizing security on the mainframeCentralizing security on the mainframe
Centralizing security on the mainframeArun Gopinath
 
Strategies for assessing cloud security
Strategies for assessing cloud securityStrategies for assessing cloud security
Strategies for assessing cloud securityArun Gopinath
 
Realizing business value with iam
Realizing business value with iamRealizing business value with iam
Realizing business value with iamArun Gopinath
 
Secure by design
Secure by designSecure by design
Secure by designArun Gopinath
 
Ibm xiv storage your ideal cloud building block
Ibm xiv storage your ideal cloud building blockIbm xiv storage your ideal cloud building block
Ibm xiv storage your ideal cloud building blockArun Gopinath
 
C 4
C 4C 4
C 4Les Davy
 
Goose chasegroup
Goose chasegroupGoose chasegroup
Goose chasegroupLes Davy
 
Kudavi 1.28.2016
Kudavi 1.28.2016Kudavi 1.28.2016
Kudavi 1.28.2016Tom Currier
 
B a b 1 akuntansi
B a b 1 akuntansiB a b 1 akuntansi
B a b 1 akuntansiFebri Phaniank
 
Notam 05 02-16
Notam 05 02-16Notam 05 02-16
Notam 05 02-16Carlos Carvalho
 
Nibiru: Building your own NoSQL store
Nibiru: Building your own NoSQL storeNibiru: Building your own NoSQL store
Nibiru: Building your own NoSQL storeEdward Capriolo
 
Kell e új megközelítés a marketing tervezésben ?
Kell e új megközelítés a marketing tervezésben ?Kell e új megközelítés a marketing tervezésben ?
Kell e új megközelítés a marketing tervezésben ?Edit Ditte Szabó
 
Latin I Lesson 07
Latin I Lesson 07Latin I Lesson 07
Latin I Lesson 07polaramy
 
Practical eCommerce with WooCommerce
Practical eCommerce with WooCommercePractical eCommerce with WooCommerce
Practical eCommerce with WooCommerceBrian Krogsgard
 
Apartment belgrade
Apartment belgradeApartment belgrade
Apartment belgradeNa Liniji Arhitekture
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 

Mais conteúdo relacionado

Destaque

Ibm xiv storage your ideal cloud building block
Ibm xiv storage your ideal cloud building blockIbm xiv storage your ideal cloud building block
Ibm xiv storage your ideal cloud building blockArun Gopinath
 
Goose chasegroup
Goose chasegroupGoose chasegroup
Goose chasegroupLes Davy
 
Kudavi 1.28.2016
Kudavi 1.28.2016Kudavi 1.28.2016
Kudavi 1.28.2016Tom Currier
 
Nibiru: Building your own NoSQL store
Nibiru: Building your own NoSQL storeNibiru: Building your own NoSQL store
Nibiru: Building your own NoSQL storeEdward Capriolo
 
Kell e új megközelítés a marketing tervezésben ?
Kell e új megközelítés a marketing tervezésben ?Kell e új megközelítés a marketing tervezésben ?
Kell e új megközelítés a marketing tervezésben ?Edit Ditte Szabó
 
Latin I Lesson 07
Latin I Lesson 07Latin I Lesson 07
Latin I Lesson 07polaramy
 
Practical eCommerce with WooCommerce
Practical eCommerce with WooCommercePractical eCommerce with WooCommerce
Practical eCommerce with WooCommerceBrian Krogsgard
 

Destaque (12)

Secure by design
Secure by designSecure by design
Secure by design
 
Ibm xiv storage your ideal cloud building block
Ibm xiv storage your ideal cloud building blockIbm xiv storage your ideal cloud building block
Ibm xiv storage your ideal cloud building block
 
C 4
C 4C 4
C 4
 
Goose chasegroup
Goose chasegroupGoose chasegroup
Goose chasegroup
 
Kudavi 1.28.2016
Kudavi 1.28.2016Kudavi 1.28.2016
Kudavi 1.28.2016
 
B a b 1 akuntansi
B a b 1 akuntansiB a b 1 akuntansi
B a b 1 akuntansi
 
Notam 05 02-16
Notam 05 02-16Notam 05 02-16
Notam 05 02-16
 
Nibiru: Building your own NoSQL store
Nibiru: Building your own NoSQL storeNibiru: Building your own NoSQL store
Nibiru: Building your own NoSQL store
 
Kell e új megközelítés a marketing tervezésben ?
Kell e új megközelítés a marketing tervezésben ?Kell e új megközelítés a marketing tervezésben ?
Kell e új megközelítés a marketing tervezésben ?
 
Latin I Lesson 07
Latin I Lesson 07Latin I Lesson 07
Latin I Lesson 07
 
Practical eCommerce with WooCommerce
Practical eCommerce with WooCommercePractical eCommerce with WooCommerce
Practical eCommerce with WooCommerce
 
Apartment belgrade
Apartment belgradeApartment belgrade
Apartment belgrade
 

Último

React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 

Último (20)

React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 

Ibm rational app scan managing application security and regulatory compliance

  • 1. IBM Software Rational Security IBM Rational AppScan: Managing application security and regulatory compliance Identify, prioritize, track and remediate critical security vulnerabilities throughout the application life cycle
  • 2. 2 IBM Rational AppScan: Managing application security and regulatory compliance Comprehensive application vulnerability The IBM Rational AppScan software product suite includes: management Licensed offerings Many organizations depend on web-based software to run ● IBM Rational AppScan Express Edition their business processes, conduct transactions and deliver ● IBM Rational AppScan Standard Edition increasingly sophisticated services to customers. Every applica- ● IBM Rational AppScan Source Edition tion destined for online deployment should address security ● IBM Rational AppScan Build Edition issues as an integral part of the software delivery process. ● IBM Rational AppScan Tester Edition Unfortunately, in the race to meet deadlines and stay ahead of ● IBM Rational AppScan Reporting Console the competition, many businesses fail to perform adequate ● IBM Rational AppScan Enterprise Edition security testing, and the resulting vulnerabilities provide ample opportunity for hackers to access or steal corporate or per- SaaS offerings sonal data—placing the entire business at risk. ● IBM Rational AppScan OnDemand ● IBM Rational AppScan OnDemand Premium The most efficient way to stay ahead of application security ● IBM Rational AppScan OnDemand Production Site vulnerabilities is to build software securely, from the ground Monitoring up. The challenge is that the majority of developers are not ● IBM Rational AppScan OnDemand Source Code Analysis security experts, and secure coding is historically not identified as a priority relative to delivering functionality on time and on Training and service options budget. As a result, web-based and non-web based applications ● IBM Rational web-based training for AppScan alike continue to be deployed riddled with vulnerabilities ● IBM Rational Professional Services ready for exploitation, easily risking sensitive data to a breach. Each of these solutions provides scanning, reporting and fix The onerous task of vulnerability identification and remedia- recommendation functionality, and each is designed for a vari- tion cannot be successfully addressed by limited IT security ety of users, including information security managers, penetra- resources. So the best way to engage development in the tion testers, security auditors, application developers, build process of application security is to provide them with tools managers, and quality assurance (QA) teams. that fit into their existing environment and workflow, and that generate results in a language they understand. The Protect critical web-based business assets IBM® Rational® AppScan® software portfolio enables organ- Offering comprehensive security capabilities for complex web izations to embed application security testing throughout the applications, the Rational AppScan software suite scans and development life cycle to help increase visibility and control tests for common web application vulnerabilities, including while employing a risk mitigation strategy. those identified by the Web Application Security Consortium (WASC) threat classification. Rational AppScan solutions From requirements, through design and code, security testing, share an extensive range of powerful, flexible core features to and into production, Rational AppScan software helps to provide robust application scanning coverage for the latest ensure that critical security vulnerabilities are identified, prior- Web 2.0 technologies, including enhanced support for itized, tracked, and remediated across the application life Adobe® Flash technology and advanced JavaScript frame- cycle. In short, Rational AppScan software helps you to design works, coupled with comprehensive support for AJAX-based security into your application infrastructure. applications.
  • 3. IBM Software 3 IBM Rational AppScan core features Feature Benefits Scanning efficiency and ● The user interface provides a view selector for the application tree, along with hierarchical security issues results ease of use lists, developer remediation views and details panes. ● An adaptive test process helps users to analyze application parameters and select only relevant tests that do not impede the development process. ● Complex authentication support allows testing for multistep authentication procedures. ● Advanced session management performs automatic re-logins when required. ● Real-time results views help users to act on issues before a scan is complete. ● Prebuilt pattern search rules facilitate security testing around credit card, social security or other numerical sequences. Customization and control ● Rational AppScan eXtensions Framework technology helps users create, share and load powerful add-ons that extend testing capabilities. ● Pyscan, which couples Rational AppScan software with the capabilities of Python scripts, lets users leverage scanning capabilities without the limitations of a user interface. ● Rational AppScan software development kit (SDK) helps users invoke actions, from executing a long scan to sub- mitting a custom test. The SDK interfaces are designed to ease integrations and support customized use of the scan engine, along with Rational AppScan eXtensions Framework and Pyscan options. Vulnerability detection ● Coverage for global validation analyzes test responses for inadvertently triggered issues, Secure Sockets Layer (SSL) certificate testing and cross-site request forgery (CSRF) testing. ● Hacker simulations aid in the search for current, known vulnerabilities. ● Notifications on the latest threats are delivered automatically when users launch a Rational AppScan application. ● A bundled utility suite helps penetration testers and security consultants develop, test and debug web applications. ● Security testing coverage for web services. “ We turned to IBM Rational because they offered both the technology leadership and the deep security expertise required to help us implement an analysis strategy that could be embedded in our existing development process. By doing so we have been able to vastly improve the security of our software while reducing costs by finding vulnerabilities earlier where they are less costly to repair.” —Marek Hlávka, Chief Security Officer, Skoda Auto
  • 4. 4 IBM Rational AppScan: Managing application security and regulatory compliance IBM Rational AppScan Express Edition Conduct security audits and production monitoring IBM Rational AppScan Standard Edition Automating web application testing processes to help security Gain robust web application security features auditors and penetration testers quickly and efficiently do Organizations with small or limited application development their jobs requires sophisticated and intelligent scanning teams also need to consider security testing as part of the technologies. Rational AppScan Standard Edition software development life cycle. Yet these organizations often have to includes features designed to support moderate and sacrifice functionality for affordability. Rational AppScan power users. Express Edition software meets the requirements of mid-size organizations by delivering the uncompromising security test- ing functionality at an attractive price point. Designed for ease Rational AppScan Express Edition and Standard Edition of deployment, Rational AppScan Express Edition software software features can help lower the time and costs associated with manual vul- ● JavaScript Analyzer: Leveraging dynamic and static nerability testing, allowing your teams to focus on other IT analysis to help deliver scanning hybrid analysis and and security-related needs within your organization. identify previously unknown vulnerabilities. ● Scan expert: A wizard tool that offers guidance for scan creation and set-up based on best practices, including the use of additional tools. Users can authorize a pre-scan that profiles the target application and recom- mends actions required for a successful scan. ● State inducer: Scans and tests complex business processes (such as multistep online shopping carts and order tracking) and maintains parameter values and cookies throughout. ● Predefined scan templates: Helps users to quickly choose and launch configuration options. ● Rapid scan configuration wizard: Guides users through important settings as well as conditional steps for proxy/platform authentication and in-session detection information. ● New request/response tabs: Offer syntax highlighting, request/response, collapse/expand, as-you-type search and additional right-click options. ● Microsoft® Word template-based reporting. ● Embedded web-based training modules: Help explain issues and demonstrate exploits. ● Automated web services assessments: Help locate Figure 1: Rational AppScan Standard software helps you identify vulnera- application-layer vulnerabilities, SOAP and XML parser bilities in your website before the hackers do. vulnerabilities and web services infrastructure vulnerabilities.
  • 5. IBM Software 5 IBM Rational AppScan Build Edition Tester and Edition software, Rational AppScan Reporting Automate security testing Console software is backed by an enterprise-class database Rational AppScan Build Edition software supports automated that allows you to consolidate scan results from multiple security testing at the build stage of the software development Rational AppScan Express and Standard clients to create a life cycle. By integrating with multiple build management centralized application vulnerability repository. Scan results systems, such as IBM Rational Build Forge® software, it can be easily distributed to QA and development teams with- provides security testing coverage for scheduled builds. It also out having to install additional desktop licenses, helping to routes the results back to development though defect-tracking simplify the remediation process and integrate vulnerability solutions such as IBM Rational ClearQuest® software, or analysis across the software development life cycle. Rational through security reporting solutions such as Rational AppScan AppScan Reporting Console software allows you to create Enterprise Edition software or Rational AppScan Reporting multiple dashboards for multiple users, giving individuals the Console software. ability to segment security data by application, business unit, geography or third-party provider. Rational AppScan Build Edition software includes the same set of analysis techniques as the Rational AppScan Developer Edition software, providing a high level of accuracy plus code Rational AppScan Reporting Console software features coverage that helps you identify which code has been tested. In addition to the convenience and extensibility of central- ized administration, Rational AppScan Reporting Console IBM Rational AppScan Tester Edition Make security testing part of your quality management software features include: program ● A central data repository: Automatically stores and Rational AppScan Tester Edition software, available as a desk- aggregates static and dynamic analysis test results for top application, offers capabilities to help QA teams integrate enterprise-wide access and multiple views. security testing into existing quality management processes, ● Automated correlation of analysis test results: Static and thereby easing the burden on security professionals. dynamic (hybrid analysis). ● A web-based reporting console: Provides role-based Because Rational AppScan Tester Edition software integrates access to security reports and facilitates communication with leading testing systems, QA professionals can use its across the organization. ● Executive dashboards and delta analysis reports: functionality in test scripts and can conduct security checks Highlight changes from one scan to the next, including within their familiar testing environments, facilitating the fixed, pending and new security issues. adoption of security testing along with functional and per- ● Centralized controls: Monitoring and control web applica- formance testing. tion vulnerability testing across the organization. IBM Rational AppScan Reporting Console Access centralized reporting on web application vulnerability data IBM Rational AppScan Reporting Console software is a pow- erful web-based management and reporting application. Fully integrated with Rational AppScan Express, Standard, Source,
  • 6. 6 IBM Rational AppScan: Managing application security and regulatory compliance IBM Rational AppScan Source Edition Embed security testing seamlessly into your development Rational AppScan Source Edition software features environment The most efficient way to stay ahead of application security ● Address the root cause of data breach risk through vulnerabilities is to build software securely from the ground the identification and remediation of security defects in the source at the early stages of the application life cycle. up. The challenge is that most developers are not security ● Create, distribute and enforce consistent policies and experts, and writing security-rich code is not always their top empower enterprise-wide metrics and reporting with a priority. So the best way to engage development in the process centralized policy and assessment database. of application security is to provide them with tools that work ● Accommodate a broad portfolio of large and complex in their environment and that generate results in languages applications across a wide range of languages. they understand. ● Build automated security into development by seamlessly integrating security source code analysis with automated Rational AppScan Source Edition software is designed to help scanning during the build process. developers and build managers invoke application security ● Facilitate collaboration between security and develop- testing from within their development or build environment. ment by offering flexible triage and remediation that It helps the development organization to address the volume automates flow of information between these teams. ● Provide a method to certify outsourced applications by of security issues that can be introduced in code, streamlining building security requirements into outsourcing contracts the development life-cycle workflow and helping to reduce and leveraging Rational AppScan Source Edition software costly security testing bottlenecks that can occur at the end of to manage acceptance criteria. the release cycle. ● Provide options for security, development and remediation types of users. ● Allow security teams to scan, triage, manage security policies and prioritize the assigning of results for vulnerability remediation. ● Help development teams to pinpoint vulnerabilities and provide precise, detailed remediation advice for rapid fixes, all within the developer IDE. Figure 2: Rational AppScan Source Edition software provides a work- bench to configure applications and projects, scan code, analyze, triage, and take action on priority vulnerabilities. You can also publish assess- ments to Rational AppScan Enterprise Edition software for correlation.
  • 7. IBM Software 7 IBM Rational AppScan Enterprise Edition Scale application security testing across the enterprise Rational AppScan Enterprise Edition software features With its web-based architecture, Rational AppScan Enterprise ● A web-based console that provides role-based user Edition software is designed to help organizations distribute access to security reports, tracking and trending responsibility for security testing and provide visibility and over time, which facilitates communication across the access to multiple stakeholders. Scalability and centralized organization. control facilitate the necessary governance, collaboration, and ● Executive dashboards and delta analysis reports that risk management capabilities to effectively manage security highlight changes from one scan to the next, including testing across the enterprise. AppScan Enterprise Edition fixed, pending and new security issues. helps ensure timely communication and coordination across ● Centralized controls for monitoring and controlling web multiple teams as results are prioritized, tracked, and remedi- application vulnerability testing across the organization. ated. It provides regulatory compliance reports and an overall compliance view, while management views offer real-time graphical dashboards and trending of the organization’s secu- rity posture. Enterprise Edition is also available as a SaaS IBM Rational AppScan OnDemand Leverage IBM security expertise and proven processes in offering, allowing you to leverage Rational’s expertise and an outsourced, turnkey SaaS model proven processes, easily scale and add users as needed, and By accessing Rational AppScan software capabilities as a gain better control of costs. managed service, you can take advantage of product benefits without the costs of adding staff or hardware. Rational AppScan Enterprise Edition software features In addition to the convenience and extensibility of central- Rational AppScan software features as a managed ized administration, Rational AppScan Enterprise Edition service software features include: ● A state-of-the-art security testing environment. ● The ability to distribute security testing to multiple teams ● A focus on protecting your operating environment: these to ease the testing burden on the security organization, services are built with sophisticated security tools and and to scan and test hundreds of applications simultane- techniques. ously and retest them frequently, following changes. ● Dedicated security and compliance assistance from ● A QuickScan testing tool to execute administrator- IBM professionals defined scan templates for developers and other non- ● Rational AppScan Standard Edition software or Rational security professionals, without desktop installation or AppScan Enterprise Edition software SaaS customers can configuration. engage an IBM security analyst to help: ● A central data repository that automatically stores and aggregates static and dynamic analysis test results to — Configure and tune scans to potentially ensure com- enable multiple views and enterprise-wide access. prehensive coverage for each application. ● Automated correlation of static and dynamic analysis test — Review and analyze results to help eliminate false results (hybrid analysis) for more precise results and the positives, identify patterns, prioritize issues and high- ability to pinpoint issues to individual lines of code to light remediation tasks. speed remediation tasks. — Track remediation progress by maintaining trend data, tracking resolution from scan to scan, and reporting on remediation effectiveness.
  • 8. For more information To learn more about IBM Rational AppScan products, contact your IBM representative or IBM Business Partner, or visit: ibm.com/software/rational/offerings/testing/ webapplicationsecurity © Copyright IBM Corporation 2010 Web-based training IBM Corporation Software Group IBM offers web-based application security training, delivered Route 100 online and in 15-minute intervals. In addition to basic product Somers, NY 10589 instruction, the training service provides targeted advice for U.S.A. developers, QA teams and security professionals. Produced in the United States of America December 2010 All Rights Reserved Additionally, financing solutions from IBM Global Financing can enable effective cash management, protection from tech- IBM, the IBM logo, ibm.com and Rational are trademarks or registered nology obsolescence, improved total cost of ownership and trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked return on investment. Also, our Global Asset Recovery terms are marked on their first occurrence in this information with a Services help address environmental concerns with new, trademark symbol (® or ™), these symbols indicate U.S. registered or more energy-efficient solutions. For more information on common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law IBM Global Financing, visit: ibm.com/financing trademarks in other countries. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml Adobe and PostScript are registered trademarks of Adobe Systems Incorporated in the United States, and/or other countries. Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Microsoft is a trademark of Microsoft Corporation in the United States, other countries, or both. Other company, product and service names may be trademarks or service marks of others. References in this publication to IBM products and services do not imply that IBM intends to make them available in all countries in which IBM operates. The information contained in this document is provided for informational purposes only and provided “as is” without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. Without limiting the foregoing, all statements regarding IBM future direction or intent are subject to change or withdrawal without notice and represent goals and objectives only. IBM customers are responsible for ensuring their own compliance with legal requirements. It is the customer’s sole responsibility to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. Please Recycle RAB14001-USEN-03