IBM implements static analysis in AppScan update
September 23, 2008 —
IBM has released two new editions of its Rational AppScan security product to integrate security into the development and build stages of the software life cycle.
Rational AppScan Developer Edition (DE) and Rational AppScan Build Edition, released yesterday, give developers a “finite list” of vulnerabilities. They also integrate into IDEs like Rational Application Developer and Eclipse, according to IBM executives.
The integration feature of Rational AppScan DE makes it easier than using a separate product or scan. David Grant, director of marketing for IBM Rational’s security solutions, said it’s like a spell-checker built into those environments. It generates reports as actionable task lists instead of detailed vulnerability reports to help fix issues faster. The edition also integrates with Rational AppScan’s Reporting Console to provide Web-based reporting.
IBM executives claimed Rational AppScan DE is the first industry product to include static analysis, black box testing, runtime analysis and string analysis.
String analysis focuses on resolving false positives, which IBM said is the biggest challenge plaguing current security code scanning solutions. It is a patent-pending technique that brings automation to code analysis.
Until now, the most advanced technique for analyzing code security was taint analysis, which tracked input values through the system but relied on the developer to determine if the data was properly analyzed, IBM said. String analysis, however, automates code analysis configuration to help eliminate false positives.
“If you think about the problem with code testing for security, at least, you need a knowledge of both code and security,” Grant said. “String analysis is a form of static testing that gives the user more understanding of the application, and [it] automates more of the discovery of the application and the actual scan test configuration so that you’re not leaving [it] in the hands of the developer having to know how to tweak a test or scan before actually running the test.”
Rational AppScan Build Edition, meanwhile, embeds Web application security testing into build management in order to automate security testing. It is focused on finding vulnerabilities early in the development life cycle, and like Developer Edition, combines multiple analysis techniques for scanning, according to IBM. Build Edition can also automate application vulnerability scanning and do things like JavaScript execution and Web Service testing.
“When the build runs, whether it be nightly or weekly, we can test for security issues as part of that build automation, and then reject the build or send back the issues to developers,” Grant said. “They can then open AppScan DE within the IDE and fix those tickets and issues.”
Related Search Term(s): ALM, security, IBM
Share this link: http://sdt.bz/32889
Most Read Latest News Blog Resources
Appcelerator Acquires Cocoafish to Add Instant Mobile Cloud Capabilities to its Industry Leading Titanium Platform
Appcelerator Offers Messaging, Social, Location and Storage Mobile Cloud Services to All Mobile App Publishers
|
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
ComponentOne Releases a Collection of 40+ UI Widgets Powered by HTML5 and jQuery
ComponentOne has announced the 2012 release of Wijmo: a kit of UI widgets for HTML5 and jQuery development
|
|
Top five apps to manage your workload
Web applications offer new ways to track your “to-do” lists
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
Top five apps to manage your workload
Web applications offer new ways to track your “to-do” lists
|
|
Not so fast when it comes to testing in the cloud
Developers face outsourcing, virtual lab management and mobile devices as obstacles
|
|
Xceed releases UX-focused suite for Microsoft’s WPF
"Blendables" helps match user experiences to developer visions
|
Are you at risk for burnout?
Burnout is a severe problem and it can strike at any time. Here's how to tell if you are nearing the edge.
|
|
Agility, mom, and apple pie
If we're to evaluate the state-of-the-art in software development, we should start with the values espoused in the Agile Manifesto.
|
|
RIM woos developers with free tablet
How do you get more apps ported to the BlackBerry PlayBook? By giving every developer a free tablet, of course!
|
|
GitHire: Use Headhunters to Find Your Perfect Programmer
Are you a hiring manager tired of scouring the job boards? Check out this new service that will find 5 people interested in your jobs.
|
The Hidden Costs of Software Licensing
Moving beyond paper-based software licensing to more flexible, software-based licensing is a business decision. There is a growing trend tow...
|
|
Case Study: You May Need a Development Mechanic
As a contractor for a major financial player in Germany, SOBEGE, a German-based consultancy specializing in embedded IT and web services, wa...
|
|
Ensuring Software Quality at a Major International Bank
One of the world’s leading international banks has adopted AgitarOne technology for delivering generated unit tests for their Java software...
|
|
Load Testing Adobe Flex Applications
Adobe Flex applications may be different from applications you’ve worked with before. For classic HTML web applications, the server does all...
|