** Re-posting this entry from the Message Board **
IBM Security Systems Has All The Artillery To Dominate the Security Battlefield
It just needs to be deployed properly.
→ Some factors that may explain the current state of the application security maturity [extremely low]:
→ Development teams continue to lack the security training and processes needed to translate "security requirements" into a secure design backed by appropriate unit tests.
→ The intense pace of development of new technologies, and the migration of existing applications to new platforms, is leaving a wide-open chest of vulnerabilities for attackers to exploit.
→ Vendors of the leading technologies for security code review (static and dynamic analysis) have yet to fulfill their promise of a combined set of actionable and defensible results.
→ Security teams typically have considerable background in network analysis and penetration testing, but rarely have the level of programming skill necessary to effectively review, prioritize and discuss results and recommendations with developers.
The AppScan Appliance Solution:
→ Shifts the burden of scanning (configuration, tuning, filtering, verification, prioritization) from the security team and/or development staff to the AppScan Security Tunnel, while ensuring appropriate code security: source code in any form (IL or not) never leaves the premises.
→ Broadens the definition of "Security Finding" to include all correlated results (whitebox, blackbox, runtime, binary, IPS, IDS, risk assessment, etc.) for a particular issue or "insecurity pattern", and integrates the appropriate tests (unit test, dynamic re-test, static verification) directly into the developers' IDE of choice, while minimizing the performance impact and the need for heavy-duty