IBM pushes for preemptive approach to Web application security
With more services moving online, the cost of recovering from a security breach can reach into the hundreds of millions of dollars. In addition, ensuring compliance with industry mandates such as the Payment Card Industry Data Security Standard (PCI DSS) remains a top-of-mind issue for many companies. As a result, organizations are looking to protect their applications as they are being built, instead of spending money on reactive measures once they’ve already been deployed.
For the first time, organizations can now test for vulnerabilities both as a software application is developed and after the application is deployed. By scanning software code prior to deployment, information technology (IT) teams can now build security and compliance into the software development and delivery process before a vulnerability poses a real risk to their company or becomes highly costly to fix.
Bug-ridden, poor-quality software costs businesses billions of dollars annually, and identifying and repairing a software defect in a product that is already being used by consumers can cost upwards of $16,000 for each defect. Recognizing these challenges, IBM is introducing IBM Rational AppScan Developer Edition, which brings the power of security testing into the hands of the developer.
IBM Rational AppScan Developer Edition can achieve unmatched coverage and accuracy in detecting potential security issues for Web applications. It is the industry’s first solution that includes static code analysis, which checks source code for potential security vulnerabilities; dynamic black box testing, which identifies vulnerabilities in the compiled code; run-time analysis; patent-pending string analysis; and composite analysis.
IBM’s string analysis helps to solve the biggest challenge plaguing current security code scanning solutions – false positives. Features for minimizing false positives and providing easy-to-understand results are given higher priority than increasing the breadth of a scan, which can complicate security testing. Collaboration and sharing of configurations and results are a core part of the product, and reuse of a scan configuration helps provide consistent, repeatable scans on each application.
IBM Rational AppScan Developer Edition is currently available for a fixed term license of U.S. $2,650 per seat.