AppScan 8.5 was officially released on November 15th. The release includes updates to the AppScan Enterprise, AppScan Standard and AppScan Source editions.
Rational AppScan Standard Edition V8.5 includes the following enhancements:
- Glass box testing with run-time analysis that combines dynamic (black box) analysis with an internal agent that monitors application behavior during the attack. This combination of a remote agent with traditional black box testing provides more accurate test results, identifies new threat categories, and pinpoints specific lines of code and details that help facilitate remediation.
- Automatic parameter-based navigation detection in the Scan Expert Module to simplify scan configuration for applications that use parameters to navigate between contents and functions.
Rational AppScan Enterprise Edition V8.5 includes the following enhancements:
- Centralized platform to manage dynamic analysis (black box), source code analysis (white box), and critical integrations with application lifecycle management
- New Dynamic Analysis Scanner that is deployed separately from the Enterprise Server to scale dynamic scanning throughout an organization
- Integration with IBM Security SiteProtector and IBM Security Network IPS to feed vulnerability findings into SiteProtector, which then provides custom security policies in the IPS to block attacks against the specific vulnerabilities
- Enhanced hybrid analysis that now also correlates .NET application vulnerabilities identified by both black box (dynamic) and white box (static) analysis
Rational AppScan Source Edition V8.5 includes the following enhancements:
- Broad application support with the addition of COBOL, PL/SQL and T-SQL
- Code quality testing from both IDE and build automation to identify code-level quality defects with key performance indicators that track code quality
- Integration with Virtual Forge CodeProfiler for static analysis of SAP ABAP applications
- User experience that is designed to allow developers and non-security experts to quickly identify and remediate vulnerabilities in their code