IBM Rational AppScan
IBM Rational AppScan is a family of web security testing and monitoring tools from the Rational Software division of IBM. AppScan is intended to test Web applications for security vulnerabilities during the development process, when it is least expensive to fix such problems. The product learns the behavior of each application, whether an off-the-shelf application or internally developed, and develops a program intended to test all of its functions for both common and application-specific vulnerabilities.
History
AppScan was originally developed by Israeli software company Sanctum Ltd. (which was initially named Perfecto Technologies) and was first released in 1998. In 1999 Sanctum expanded its web security offering and launched one of the world's first application firewalls, named AppShield.
AppScan version 2 was released in February 2001, adding a policy recognition engine and knowledge database, an automatic and customizable crawler engine, and an attack simulator. Version 3 was released in April 2002, adding collaborative testing capabilities, where different tasks can be assigned to different testers, and a number of user interface enhancements in both the scanning and reporting sections of the program. By 2003 AppScan was used by over 500 enterprise customers and revenues reached $30m.
In July 2004, Sanctum was acquired by the Massachusetts-based company Watchfire, which developed a web applications management platform named WebXM. AppScan became Watchfire's flagship product, and Sanctum's R&D center in Herzliya, Israel, became Watchfire's main R&D location.
In June 2007, Watchfire was acquired by IBM and incorporated into the Rational Software product line, enabling IBM to cover more of the application development lifecycle with the addition of a tool to help developers make security intrinsic to the application. The Watchfire R&D center was incorporated into IBM R&D Labs in Israel.
In 2009 IBM acquired Ounce Labs, adding to the AppScan line a tool that finds and corrects vulnerabilities in software source code during the development process, which was renamed AppScan Source Edition.
Editions
- AppScan Standard Edition - Desktop software providing an automated Web application security testing environment for IT security, auditors, and penetration testers
- AppScan Tester Edition - An edition that integrates with IBM Rational Quality Manager to form a security testing QA environment
- AppScan Build Edition - A version that embeds web application security testing into the build management workflow
- AppScan Enterprise Edition - Client-server version used to scale security testing
- AppScan OnDemand - Identifies and prioritizes Web application security vulnerabilities via a SaaS model
- AppScan OnDemand Production Site Monitoring - Monitors production Web content and sites for security vulnerabilities via a SaaS model
- AppScan Source Edition - Prevents data breaches by locating security flaws in the source code
- AppScan Reporting Console - Reporting add-on