5724-T59 IBM Security AppScan Standard V9.0

IBM United States Sales Manual
Revised:  July 11, 2019.

 

 

Product life cycle dates

Program Number  VRM       Announced   Available   Marketing Withdrawn  Service Discontinued
5724-T59        09.00.03  2015/11/17  2015/11/17  2019/07/01           2019/07/01
5724-T59        09.00.02  2015/04/14  2015/04/14  2019/07/01           2019/07/01
5724-T59        09.00.01  2014/10/14  2014/10/21  2019/07/01           2019/07/01
5724-T59        09.00.00  2014/02/25  2014/03/28  2019/07/01           2019/07/01
5724-T59        08.08.00  2013/10/08  2013/10/22  2017/04/21           2017/04/30
5724-T59        08.07.00  2013/02/26  2013/03/25  2017/04/21           2017/04/30
5724-T59        08.06.00  2012/08/21  2012/09/14  2016/04/15           2016/04/30
5724-T59        08.05.00  2011/11/15  2011/11/15  2016/04/15           2016/04/30
5724-T59        08.00.00  2010/10/26  2010/10/26  2015/09/18           2015/09/30
5724-T59        07.09.00  2009/10/20  2009/10/20  2015/04/17           2015/04/30
5724-T59        07.08.00  2007/11/13  2007/11/19  2019/07/01           2011/09/30
5724-T59        07.07.00  2007/11/13  2007/11/19  2019/07/01           2011/09/30
5724-T59        07.06.01  2007/10/16  2007/10/16  2008/02/12           2016/04/30
5724-T51        08.05.00  2011/11/15  2011/11/15  2016/04/16           2016/04/30
5724-T51        08.00.00  2010/10/26  2010/10/26  2015/04/17           2015/04/30
5724-T51        07.07.00  2007/11/13  2007/11/26  2011/05/01           2012/09/30
5724-T51        07.06.01  2007/10/16  2007/10/16  2008/02/12           2012/09/30
5724-T51        05.06.00  2009/10/20  2009/10/20  2013/04/19           2013/04/30
5724-T51        05.05.00  2008/12/16  2008/12/16  2012/09/21           2012/09/30


Program number

  • IBM Security AppScan Standard V9.0.3 (5724-T59)
  • IBM Security AppScan Tester V8.5.0 (5724-T51)


Abstract

IBM Security AppScan Enterprise V9.0.3 delivers:

  • Enhanced vulnerability management and dashboard metrics
  • Enhanced Dynamic Analysis of rich Internet applications
  • Automated redundant page detection and enhanced in-session pattern detection for easier configuration of Dynamic Analysis scans
  • Dynamic Analysis memory management and performance improvements

IBM Security AppScan Standard V9.0.2

IBM Security AppScan Standard V9.0.2 enhancements:

  • Architecture redesign where Dynamic Analysis scan engine and user interface operate in separate processes to enhance performance and stability.
  • Early and inline Dynamic Analysis scan configuration validation with connection to target application, login, and session management settings.

IBM Security AppScan Standard V9.0.1 enhancements

  • A configuration wizard enabling easier setup of web services security scans.
  • Enhanced dynamic analysis performance and scan stability when testing applications using client-side JavaScript.
  • Support for testing applications using SmartCard authentication.
  • Improved handling of applications with sequential flows.
  • Easier URL parameter exclusion for optimizing a scan configuration.
  • Enhanced vulnerability validation tips.

IBM Security AppScan Standard V9.0

The IBM Security AppScan V9.0 application security portfolio continues to deliver on static, dynamic, and interactive application security testing. The IBM Security AppScan portfolio provides a platform for centrally managing application security testing and risk management as critical elements of application lifecycle management.

IBM Security AppScan Standard V9.0 provides:

  • An extension of support for interactive application security testing (glass box) to Microsoft .NET applications.
  • An updated login management view of the configuration dialog box to enable more efficient session management, such as:
    • Action-based login, which reproduces the user's actual actions in the browser, rather than just the requests, is now exposed in the user interface. You can watch the sequence replayed in the browser.
    • The login sequence is recorded in two forms, action-based (user clicks) and request-based, both of which you can manage through the updated details tab.
    • The Validate feature replays the login sequence live, tracks cookies, detects the in-session pattern in the final response, and greatly improves in-session maintenance during the scan.


Highlights

IBM Security AppScan V9.0 key enhancements:

  • Extension of support for interactive application security testing (glass box) to Microsoft .NET applications.
  • An updated login management view of the configuration dialog box to enable more efficient session management.

IBM Security AppScan V9.0.1

AppScan Standard provides easier testing of web services and improved vulnerability validation tips.




Description

Organizations increasingly rely on software applications to power their mission-critical business processes. As such, these assets must be a primary area of focus in an organization's security strategy. IBM X-Force research consistently reveals that a significant percentage of security vulnerabilities pertain to web and mobile applications.

To address application security challenges effectively, organizations must take a strategic approach and implement a comprehensive application security program. Application security, just like any other area of security, is a matter of identifying and managing risk. Organizations need to have a good understanding of the relative business impact of each application and test their applications for vulnerabilities. Vulnerabilities must be prioritized and remediated to mitigate the risk that they present.

The AppScan portfolio is a leading application security management suite. It provides vulnerability testing capabilities across the complete software development lifecycle and enables security teams to implement an initiative that addresses application security risk.

The AppScan portfolio includes offerings that provide dynamic, static, and interactive analysis of enterprise web, nonweb, and mobile applications. AppScan provides the capability to build an application inventory, rank applications by business impact, track assessments, and calculate a security score for each application. Reports include vulnerability advisories and fix recommendations designed to educate and help developers to remediate the identified vulnerabilities.

AppScan offerings

IBM Security AppScan Standard is a web application and web services penetration testing solution for the security specialist. It utilizes Dynamic Application Security Testing (DAST) and Interactive Application Security Testing (IAST) techniques. AppScan Standard provides a deep application security assessment using a number of unique capabilities, including smart Cross-Site Scripting analysis and hybrid analysis of client-side JavaScript. The patent-pending IAST (glass-box) technology provides run-time analysis, which discovers additional types of vulnerabilities and provides more accurate test results.

IBM Security AppScan Enterprise is a solution which enables organizations to manage application security risk. It provides application inventory and asset classification capabilities, consolidates all application security assessments, and calculates a security risk rating for each application. Enterprise-level dashboards display application security risk status as well as risk mitigation progress metrics. AppScan Enterprise enables governance and scalability of dynamic analysis security testing. The AppScan Enterprise centralized console is integrated with IBM Security QRadar and IBM Security SiteProtector System to provide security teams with additional context and security intelligence for prioritizing vulnerabilities and mitigating the risk that they present.

IBM Security AppScan Source analyzes source code during the development and build stages of the application lifecycle to identify security vulnerabilities with Static Application Security Testing (SAST) and integrates security testing with the software development processes and systems. AppScan Source supports secure mobile application development with testing for native Apple iOS (Objective-C) and Android (Java) applications.




Operating environment

Hardware requirements

IBM Security AppScan Standard V9.0.1

  • Disk space: Approximately 30 GB of available hard disk space
  • Memory: 3 GB of RAM or more recommended
  • NIC network driver: 1 NIC 100 Mbps for network communication with configured TCP/IP
  • Processor: Core 2 Duo 2 GHz (or equivalent)

For current information on IBM Security AppScan Standard 9.0.1 hardware requirements, see

http://www.ibm.com/support/docview.wss?uid=swg27024155

Software requirements

IBM Security AppScan Enterprise V9.0.3

The program's specifications and specified operating environment information may be found in documentation accompanying the program, if available, such as a readme file, or other information published by IBM.




Planning information

Customer responsibilities

Not applicable




Publications

The publication, IBM Security AppScan Enterprise V9.0.3 Planning and Installation Guide, is shipped with AppScan Enterprise V9.0.3. It can also be found, at electronic availability, at

http://www.ibm.com/shop/publications/order?CTY=US&FNC=SRX&PBL=GC14-7268-19

Other online relevant documentation is available, at electronic availability, at

http://www.ibm.com/support/knowledgecenter/SSW2NF_9.0.3/com.ibm.ase.help.doc/helpindex_ase.html

 


Trademarks

(R), (TM), * Trademark or registered trademark of International Business Machines Corporation.

** Company, product, or service name may be a trademark or service mark of others.

Windows is a trademark of Microsoft Corporation.

Terms of use

IBM products and services which are announced and available in your country can be ordered under the applicable standard agreements, terms, conditions, and prices in effect at the time. IBM reserves the right to modify or withdraw this Sales Manual at any time without notice. This Sales Manual is provided for your information only. Additional terms of use are located at

Terms of use

© IBM Corporation 2019.