Identify and remediate web application vulnerabilities to reduce application risk
Rational AppScan Standard Edition software scans and tests for vulnerabilities and security defects with a desktop solution that delivers advanced web application security testing, broad coverage of the latest Web 2.0 technologies and ease of use for clients to get fast, reliable results.
Enables comprehensive automated testing of Web applications for vulnerabilities with a combination of dynamic application security testing (DAST) and advanced hybrid technologies including static taint analysis of client-side JavaScript and new glass box testing for run-time analysis
Automates dynamic (black box) security testing for emerging Web vulnerabilities including Web Services, Web 2.0 and Rich Internet Applications (JavaScript, Ajax and Adobe Flash)
Includes new glass box analysis for run-time analysis – a form of integrated application security testing (IAST) – that adds an internal agent to the application to monitor behavior during a dynamic scan and deliver new benefits such as full coverage of OWASP Top 10 threats and line-of-code details for specific vulnerabilities, matching proof of exploit with the precise defect that created the vulnerability
Analyzes the source code of dynamically generated client-side JavaScript with JavaScript Security Analyzer for advanced static (white box) analysis of client-side security issues, such as DOM-based cross-site scripting and code injection
Enables clients to quickly and easily get results with workflows, configuration wizards and Scan Expert
Includes vulnerability descriptions and remediation guidance with every identified vulnerability to help security testers engage with developers and correct the underlying security defect
Scans Web sites for embedded malware and links to malicious or undesirable sites
Provides customization and extensibility with the AppScan eXtension Framework, which allows the user community to build and share open source add-ons
Includes regulatory compliance reporting templates with more than 40 out-of-the-box compliance reports, including PCI Data Security Standard, Payment Applications Data Security (PA-DSS) (new), ISO 27001 and ISO 27002 (new) and Basel II