Where does IBM Rational AppScan come from?
It was formerly a product of Watchfire Corporation, which IBM acquired in July 2007.
- This scanner comes in three different editions:
  - Standard Edition
    - Targeted at standalone usage scenarios.
    - Black-box testing tool (does not require source code, but does require a running system).
    - Independent of the underlying implementation technology.
    - Works by crawling an entire website (link depth and link type are configurable) after being given a root URL.
    - Suggests common fixes when vulnerabilities are found but cannot apply them automatically (obviously, since it has no knowledge of or access to the underlying code!).
    - Cannot detect threats on pages that are not explicitly defined in the test, not reachable as links within the website, or located in directories that do not allow listing.
    - Supports legal and regulatory compliance by scanning against well-known policies (e.g. Sarbanes-Oxley, HIPAA, PCI Data Security Standard, OWASP Top Ten) and generates the necessary reports.
    - Requires regular updates to keep up with the latest threat signatures (like anti-virus software).
    - The full suite of tests must be re-run after an update, as the tool is unable to determine the delta.
    - Includes a range of advanced tools for penetration testers.
    - Supports only the Windows platform for running the tool.
  - Tester Edition
    - Targeted at use as part of the Quality Assurance process.
    - Contains the same features as the Standard Edition plus the following:
      - Automatic test creation, modification and maintenance capabilities to enable testing and remediation.
  - Enterprise Edition
    - Targeted at multi-user environments.
    - Contains the same features as the Standard Edition plus the following:
      - Centralized test management and reporting, remote scanning administration.
      - Continuous monitoring and aggregation of metrics to ensure remediation and trend improvement over time.
      - Sophisticated dashboards and flexible reporting views to provide enterprise-wide visibility of risks and remediation progress.
      - Web-based access for users.
      - Supports only the Windows platform for server components.
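The crawl-from-a-root-URL behaviour and its coverage limitation (unlinked pages and non-listable directories are never seen) are worth making concrete. The following is an added example, not AppScan's own code: a depth-limited, same-origin link crawler run over a constructed in-memory site. The site contents, the `fetch` function and the domain `app.example` are all assumptions made for the example; `coverage_gap` returns the pages that exist but that a link-following black-box scanner never reaches at a given link depth.

```python
"""Added example (not AppScan code): a depth-limited, same-origin crawler over a
constructed in-memory site, showing which pages a black-box scanner reaches from
a root URL and which stay invisible to it."""
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, urldefrag

# Constructed sample site: path -> HTML body. "/orphan" is linked from nowhere,
# and "/private/" gives no directory listing, so "/private/secret" is never
# discovered by following links alone.
SITE = {
    "/": '<a href="/about">About</a> <a href="/products/">Products</a> '
         '<a href="http://other.example/x">External</a>',
    "/about": '<a href="/">Home</a> <a href="/about/team">Team</a>',
    "/about/team": '<a href="/about/team/history">History</a>',
    "/about/team/history": 'Founded long ago.',
    "/products/": '<a href="item?id=1">Item 1</a> <a href="/private/">Private</a>',
    "/products/item?id=1": 'Item one.',
    "/private/": 'Forbidden: directory listing disabled.',
    "/private/secret": 'Not linked anywhere.',
    "/orphan": 'Not linked anywhere either.',
}
ROOT = "http://app.example/"  # hypothetical root URL given to the scanner


class LinkExtractor(HTMLParser):
    """Collects href values from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def path_of(url):
    """Path plus query string, the key used by the in-memory site."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")


def fetch(url):
    """Hypothetical HTTP GET against the in-memory site; None for a 404."""
    return SITE.get(path_of(url))


def crawl(root, max_depth, same_origin=True):
    """Breadth-first crawl from root, following links up to max_depth hops.
    Returns {url: depth} for every URL discovered (the root has depth 0)."""
    origin = urlsplit(root).netloc
    seen = {root: 0}
    queue = deque([root])
    while queue:
        url = queue.popleft()
        depth = seen[url]
        body = fetch(url)
        # Pages at max_depth are fetched (and would be scanned) but not expanded.
        if body is None or depth >= max_depth:
            continue
        parser = LinkExtractor()
        parser.feed(body)
        for href in parser.links:
            target, _ = urldefrag(urljoin(url, href))
            if same_origin and urlsplit(target).netloc != origin:
                continue  # out-of-scope host, like a configurable link-type filter
            if target not in seen:
                seen[target] = depth + 1
                queue.append(target)
    return seen


def coverage_gap(root, max_depth):
    """Pages that exist on the site but the crawl never reached."""
    reached = {path_of(u) for u in crawl(root, max_depth)}
    return sorted(p for p in SITE if p not in reached)


if __name__ == "__main__":
    for depth in (2, 3):
        print(f"link depth {depth}: unreached pages {coverage_gap(ROOT, depth)}")
```

Raising the link depth from 2 to 3 brings `/about/team/history` into scope, but `/orphan` and `/private/secret` remain unreached at any depth: exactly the pages the text says must be added to the test explicitly.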
- New eXtensions have been added, including Scan Expert Extensions, an eXtensible Panel in the Main Window, and saving manually found issues.
- IBM Rational AppScan's scan configuration has been re-architected for improved flow efficiency.
- The product has 44 out-of-the-box compliance reports. New reports include the Family Educational Rights and Privacy Act (FERPA), the Freedom of Information and Protection of Privacy Act (FIPPA) and Payment Application Best Practices (PABP).