IBM Security AppScan software enables organizations to assess the security of their applications and achieve regulatory compliance by identifying vulnerabilities and generating reports with intelligent fix recommendations to ease remediation.
Multiple product editions are available, based on your organization’s requirements:
IBM Security AppScan Enterprise: Enables organizations to mitigate application security risk and achieve regulatory compliance. Security and development teams can collaborate, establish policies, scale testing, prioritize and remediate vulnerabilities throughout the application lifecycle.
IBM Security AppScan Source: Helps organizations save money and reduce risk exposure by identifying software vulnerabilities early in the development lifecycle so they can be eliminated before deployment.
IBM Security AppScan Standard: Helps companies decrease the risk of web application attacks and data breaches by automating application security vulnerability testing.
Virtual Forge CodeProfiler for IBM Security AppScan Source: Automates static analysis security testing to identify and remediate vulnerabilities in Advanced Business Application Programming (ABAP) source code.
IBM Security AppScan’s Strategic and Technical Benefits
From a strategic standpoint, AppScan’s benefits include the following:
Technical benefits of AppScan include the following:
Protecting Applications Against Attack with Citrix ADC, formerly NetScaler Application Firewall
Citrix ADC Application Firewall is a comprehensive ICSA-certified web application security solution that blocks known and unknown attacks against web and web services applications. Citrix ADC Application Firewall enforces a hybrid security model that permits only correct application behavior and protects against known application vulnerabilities. It analyzes all bi-directional traffic, including SSL-encrypted communication, to protect against a broad range of security threats, without any required modifications to applications.
Below are highlights of key protection tactics that are facilitated by Citrix ADC Application Firewall:
Customizing Web Application Firewall (WAF) rules to match applications ensures attacks can be identified and blocked. Citrix ADC has a learning mode capability to determine rules for the applications. Some organizations, however, prefer to manage application rule-sets themselves, which can prove time-consuming. Furthermore, rule-sets need to be reviewed whenever back-end applications are added or modified.
To keep the application protections up to date, there are two required steps. The first is to identify vulnerabilities associated with all of the applications hosted at the enterprise, and those hosted off-site. The second is to update WAF policies to protect against identified vulnerabilities.
Keeping these two steps in sync and ensuring that the right policies are in place can be challenging for many organizations, unless they deploy the solution outlined below.
Combining AppScan’s and Citrix ADC’s Capabilities
Integrating IBM AppScan with Citrix ADC can protect web applications quickly, compared to the time application developers might take to assess risk and implement application-level controls or patches to remediate vulnerabilities.
Using IBM AppScan’s scan results to create virtual patches in the Citrix ADC WAF for applications makes the window of risk caused by vulnerabilities much shorter than with traditional approaches.
Specifically, Citrix ADC Application Firewall combined with IBM AppScan reduces the operational complexity of your application security program and lowers the risk of potential errors, while delivering cost reduction.
This is achieved by:
Citrix ADC Application Firewall integration with IBM AppScan provides the following comprehensive benefits: