There's an App(scan) for that: IBM Security Announces Advances in Application Security Testing
Bryan Casey 270003BSJV BFCASEY@US.IBM.COM | | Emneord:  mobile ibm security application vulnerability scanning appscan
0 kommentarer | 6.134 besøg
Today’s post comes from Larry Gerard, Senior Manager, Application Security Product Management, IBM Security.
Today, IBM Security Systems announced the latest version (8.6) of our market-leading application security testing solution, IBM Security AppScan (formerly IBM Rational AppScan), which will be available to customers on June 12. The IBM Security AppScan portfolio supports the establishment of secure development practices that enable security and development teams to find and fix application security vulnerabilities like SQL Injection and Cross Site scripting (XSS) and manage application security risk. The 8.6 release has significant new capabilities and benefits that allow our customers to extend their application security testing to mobile applications, expand their security intelligence with application vulnerability data and, as is our precedent, continue to help our customers find more vulnerabilities with greater ease, speed and accuracy.
Let's dig into some of the details of these highlights:
Extend application security testing to mobile applications.
The shift to mobile applications and mobile devices connecting to corporate networks is becoming a market standard for companies to connect with their consumers and employees. This shift has also created a landscape ripe for more and more mobile application attacks. Corporate applications are coming under attack and need to be bullet proof. IBM Security AppScan Source v8.6 delivers static application security testing (SAST) for Android-base mobile java applications. Our AppScan Source development team leveraged extensive Android-specific security research to provide a comprehensive solution to automate security analysis of Android applications. Organizations can now proactively address Android security risks before confidential information is compromised.
Expand security intelligence with application vulnerability data
Let's face it – scanning and remediating the existing application vulnerabilities that organizations are using to run their business takes time and steals valuable resources away from delivering new business capabilities that help companies remain competitive. In the race to be first, being first and secure is not always an option. While IBM Security AppScan continues to improve and reduce the cost of being secure, companies continue to pit security against innovation. However, I truly believe that security, when executed in an intelligence-based approach, can enable innovation rather than working against it. With the 8.6 release, IBM Security AppScan integrates with IBM's QRadar Security Intelligence Platform, allowing known application vulnerabilities discovered by AppScan to be leveraged by QRadar to automatically raise or lower the priority score of security incidents. This integration puts the results of a scan to work right away. For example, if a production application is scanned, and critical vulnerabilities are found, companies cannot shut down those applications to get those vulnerabilities fixed. If critical enough, companies may pull some of their key resources off projects to fix these vulnerabilites and thoroughly test them which may result in costly delays to push the fixes through a full development lifecycle. This integration provides valuable security intelligence to monitor these application vulnerabilities, allowing the fixes to be bundled in with the next project updates and reducing the costs to push a quick fix through the development organization separately.
Find more vulnerabilities with greater ease, speed and accuracy
It's a known fact that attacks are happening every day. Threats are increasing and the mindset of securing the most important applications has shifted to securing all applications. As a result, I regularly hear from customers say, "I need to do more with less." We dedicated a large part of this new release to finding more vulnerabilities faster and with improved accuracy. IBM Security AppScan Source V8.6 improves ease-of-use and ease-of-deployment capabilities with the new Application Discovery Assistant, and pre-defined scan configurations automate time-consuming configuration steps and provides more accurate and complete dependency analysis. Time to value, as I like to call it, is the time from starting to on-board a new application to the finishing the first scan. AppScan Source 8.6 simplifies this process so that most development teams can do this on their own, leaving development teams and tool administrators time to focus on other critical business functions.
Many of these new features are being highlighted at the Rational Innovate conference this week. If you are able to attend the conference, I would love to hear your first impressions. If you’re not at the conference, you'll be able to download the IBM Security AppScan Enterprise v8.6 and IBM Security Source v8.6 on June 12. You'll want to save some time in your calendar that week to download and check out these new features. I assure you, you will be impressed.