Pinned topic AppScan Standard vs Source scanning capabilities comparison with example
ScottH (accepted answer, 2013-12-06T15:36:19Z):
There is no direct comparison between the 2 tools, as they both approach application security in different ways. More accurately, they complement one another.
As a white box scanner, AppScan Source is used during the development cycle to scan your application. With this you are able to confirm if your application performs validations of input required by your business security policy. It does this through a static analysis of your source code. This fits more in with the development phase of the lifecycle.
As a black box scanner, AppScan Standard (and AppScan Enterprise) performs a live scan against a running and deployed web application. This scan approach is similar to what a hacker may attempt against your application. Because this is done against a deployed and running web application, it is typically done later in the lifecycle, during testing.
So as you can see, Source attempts to identify and allow you to mitigate issues in your code early in the lifecycle while Standard and Enterprise target your running application and attempt to identify issues with the deployed application and application server environment.
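To make the white-box side of this concrete, here is an added example that is not from the thread and is not IBM's code or a description of how AppScan Source works internally: a toy intra-procedural taint check over Python source that reports when data from an untrusted source reaches a sensitive sink without passing through a validation function. The source, sanitizer and sink names (`request_param`, `validate_id`, `execute_sql`) and both code samples are constructed for the illustration; a real static analyzer uses a large, tool-maintained catalogue of such functions and follows data across calls, files and control flow.

```python
import ast

# Constructed catalogue of API names for this example; a real SAST tool ships
# a much larger one and lets you extend it with your own framework's calls.
SOURCES = {"request_param"}     # returns untrusted, attacker-controlled input
SANITIZERS = {"validate_id"}    # enforces the business rule (e.g. numeric id)
SINKS = {"execute_sql"}         # consumes data in a security-sensitive way


def _call_name(node):
    """Return the simple function name of a Call node, or None."""
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
        return node.func.id
    return None


def _names_in(node):
    """All variable names referenced anywhere inside an expression."""
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}


def find_unvalidated_flows(source_code):
    """Report (function, line, sink) for each sink fed by unvalidated input.

    The analysis is deliberately simple: straight-line statements within one
    function, taint propagated through assignments, taint cleared by a
    sanitizer call. That is enough to show what a source-code scanner checks.
    """
    tree = ast.parse(source_code)
    findings = []
    for func in ast.walk(tree):
        if not isinstance(func, ast.FunctionDef):
            continue
        tainted = set()
        for stmt in func.body:
            # 1. Any sink call in this statement that receives tainted data
            #    (unless the argument is wrapped directly in a sanitizer).
            for call in ast.walk(stmt):
                if _call_name(call) in SINKS:
                    for arg in call.args:
                        if _call_name(arg) in SANITIZERS:
                            continue
                        if _names_in(arg) & tainted:
                            findings.append((func.name, call.lineno, _call_name(call)))
            # 2. Update taint state for simple "name = expr" assignments.
            if (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
                    and isinstance(stmt.targets[0], ast.Name)):
                target = stmt.targets[0].id
                name = _call_name(stmt.value)
                if name in SOURCES:
                    tainted.add(target)
                elif name in SANITIZERS:
                    tainted.discard(target)
                elif _names_in(stmt.value) & tainted:
                    tainted.add(target)
                else:
                    tainted.discard(target)
    return findings


# Constructed sample: input flows straight from the request into the query.
VULNERABLE = '''
def lookup_user():
    user_id = request_param("id")
    query = "SELECT * FROM users WHERE id = " + user_id
    execute_sql(query)
'''

# Constructed sample: the same handler after adding the validation step the
# business policy requires. (Validation complements, but does not replace,
# parameterized queries for the SQL sink itself.)
FIXED = '''
def lookup_user():
    raw = request_param("id")
    user_id = validate_id(raw)
    query = "SELECT * FROM users WHERE id = " + user_id
    execute_sql(query)
'''

if __name__ == "__main__":
    print("vulnerable:", find_unvalidated_flows(VULNERABLE))
    print("fixed:     ", find_unvalidated_flows(FIXED))
```

The point of the toy is the workflow, not the analysis depth: the check runs on source alone, so a developer gets the finding before anything is deployed, whereas a black-box scan such as AppScan Standard can only observe the same weakness from outside once the application is running.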