Discover how AppScan Source works
Stronger, more cost-effective application security solution
AppScan Source identifies security vulnerabilities in source code during the early stages of the application lifecycle. It builds automated security into development by integrating security source code analysis with automated scanning during the build process. The software scans, triages and manages security policies; and prioritizes assignment of results for remediation. It scans more than one million lines of code per hour; and extends analysis to Android and Apple iOS mobile applications.
Improved intelligence through integration
AppScan Source integrates with defect tracking systems (DTS), software configuration management and build management tools, providing increased security intelligence through correlation of static analysis results with dynamic analysis results. It accommodates a broad portfolio of large and complex applications across a wide range of languages. AppScan Source is built on open architecture to protect your existing investments.
Reduced time and effort with Intelligent Finding Analytics
With its cognitive IFA capabilities, AppScan Source helps reduce false positives by up to 98%, alleviating the need for security experts to review findings for false positives before sending them to developers. It helps Identify Fix Groups in your code, enabling developers to save time by addressing multiple issues with a single code change. IFA also helps you to perform Delta Analysis Reporting; display scan-to-scan changes and identify new issues that may have been added.
Enhanced reporting, governance and compliance capabilities
AppScan Source provides visibility into security and compliance risks presented by identified security issues. It delivers more than 40 security compliance reports, including PCI Data Security Standard, Payment Application Data Security Standard, ISO 27001 and ISO 27002, HIPAA, Gramm–Leach–Bliley Act and Basel II. It offers enhanced mobile application scanning capabilities and testing for mobile, web, native, hybrid and Worklight applications by integrating with IBM MobileFirst Studio.
Security best practices through centralized management
AppScan Source defines and enforces consistent policies that can be used throughout the enterprise. It can help enable enterprise-wide metrics and reporting with a centralized policy and assessment database. AppScan Source also provides audit and compliance reports that make it easier to understand application-related threat exposures at the executive level.
Customer case studies
How West Virginia University Protects Sensitive Student DataEducation
Migros: Turkish Retail Giant Secures Endpoints & E-Commerce Applications with IBM SecurityRetail
Progressive Insurance: Proactively Protecting Data by Creating Appropriate ControlsInsurance