Rational AppScan Source Edition

Features and benefits

AppScan Source Edition integrates security testing into the software development life cycle while helping development teams, security analysts, auditors and compliance managers strengthen application security, protect confidential information, and improve governance, risk management and compliance.

Features:

• Automated correlation of static and dynamic analysis results (hybrid analysis) when deployed with AppScan Enterprise and AppScan Reporting Console.
• Extensible Web application framework support that delivers unparalleled flexibility to support new and custom application frameworks.
• String Analysis, an IBM Research innovation, for automated identification of validation routines, which simplifies the user experience for developers.
• Central repository for shared information, such as global security rules and published security assessments supporting comprehensive trend analysis.
• Vulnerability Matrix to instantly prioritize confirmed critical vulnerabilities with no false positives.
• Automated project import facility that simplifies setup – even in incomplete environments
• Customizable report cards help demonstrate compliance with industry regulations and best practices, including the OWASP Top 10 and PCI
• Detailed project-based Software Security Profiles, as well as customizable snapshot and trend reports, prove progress and monitor compliance with contracted security requirements

Benefits:

• Cost-effective risk management from early identification and remediation of application vulnerabilities.
• Industry-leading security knowledgebase helps ensure precise identification of vulnerabilities and remediation assistance.
• With a few clicks, identify a confirmed vulnerability, add notes for the developer, and assign it through email or integration with your defect tracking system.
• Reliably manage and measure risk across your portfolio of applications.
• Reporting templates provide specific information to prove compliance with leading standards and regulations such as the OWASP Top 10 and the PCI Data Security Standard.
• Seamlessly works within your chosen IDE, including Rational Application Developer.
• Make enterprise-wide implementations practical and efficient with centralized “push-and-play” deployment.
• Click once to take you to the vulnerable line of code, straight from your IDE.
• In-context remediation advice helps development organizations learn about the vulnerability and fix it, armed with advice from the industry’s most comprehensive software security knowledgebase with links to the Common Weakness Enumeration (CWE) community site.

Oracle Fighting to Keep Linux Open and Free 30/08/2023

Oracle has just released a statement by...