Security on developerWorks

IBM Security AppScan Enterprise Edition (AppScan) offers advanced application security testing and risk management with a platform that drives governance, collaboration, and security intelligence throughout the application life cycle. While configuring and running scans using AppScan, novice security testers might encounter problems such as improper scan coverage, excessive scan times, failed or suspended scans, communication errors, and so on. The practices described in this white paper will help security testers configure and run more successful scans with IBM Security AppScan Enterprise Edition.

You know you need to get a better handle on managing the security of your public facing web apps. But what does that mean exactly, how do you elevate your day to day activities that to something that doesn't resemble a chicken running around with it's head cut off? IBM Security Systems has a demo video that will help you think about what web app security management _should_ look like.

This demonstration video follows Steve, IT security manager for an online retailer, as he utilizes IBM Security AppScan® Enterprise to manage application security risk. The video demonstrates how Steve uses IBM Security AppScan Enterprise to review applications' security risk ratings, address PCI DSS compliance requirements, and gain a comprehensive view of application security risk in his organization. 

You might also be interested in.....

IBM® Security AppScan® is a leading application security testing suite designed to help manage vulnerability testing throughout the software development life cycle. IBM Security AppScan automates vulnerability assessments and scans and tests for all common Web application vulnerabilities including SQL-injection, cross-site scripting, buffer overflow, and new flash/flex application and Web 2.0 exposure scans.

Appscan provides full coverage of the OWASP Top 10 for 2013. Our solution also includes support for industry-standard Transport Layer Security (TLS) protocol 1.2, and is compliant with Federal Information Publication Standard (FIPS) 140-2 and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-131a.

Download a trial version of AppScan Standard.

When it comes to scanning applications for security vulnerabilities, no two web app owners want to do the exact same thing. Invasive or non-invasive? Automated or Free-form? Single tester or a team of testers. So no single instance of an application scanning tool is going to satisfy everyone's requirements. That's why AppScan Enterprise supports a multi-plexed install of IBM Security AppScan Enterprise. Each business unit can have their own instance of AppScan Enter[prise, manage access to it, maange access to its reporting dashboard, and set their own standard for what is and isn't scanned and how often.

Lalitha Saravana Prasad and Adarsh Thampian have published a white paper documenting their design and implementation notes for setting up a multiplexed instance of AppScan Enterprise called "Implementing an AppScan Enterprise-based Web Security Solution" which you can use to plan your enterprise's multiplexed install of AppScan Enterprise.

You might also be interested in......

Of course you may want to enable your individual tested to set up their own application scanning environment using IBM Security AppScan Standard and you can download an evaluation version of ApScan Standard today.