Thinking about Security Inside the (Glass) Box
Bryan Casey | BFCASEY@US.IBM.COM | Tags: ibm security web appscan box glass scanning application vulnerability
Today's post comes from Sydney Shealy, Market Segment Manager, Application Security.
Automated tools for assessing the security of web applications fall into two main categories: dynamic application security testing and static application security testing. Each has its benefits and challenges, and many organizations use both to attain the best possible results. For the last few years, IBM has been researching, developing and patenting (patent-pending technology US 20090205047) an exciting new approach called glass box, which is now emerging as a way to take advantage of the benefits of both methods.
With the glass box testing method, you can observe the actions of an application from within while it is running. Research shows that this approach can greatly enhance key aspects of dynamic application security testing, such as the logical coverage of the application, the detection of previously hard-to-spot security issues and better reporting for the user. In addition, it is possible to enjoy the benefits of static application security testing: full visibility of the code, runtime, internal interactions and more. To see how you can enhance your web application security testing with IBM Security AppScan glass box technology, the video below provides a brief introduction to how the technology really works.
You can read more details about this capability on the X-Force blog, in this whitepaper, or visit our website.