IBM Security AppScan software enables organizations to assess the security of their applications and achieve regulatory compliance by identifying vulnerabilities and generating reports with intelligent fix recommendations to ease remediation.


  • Citrix ADC (NetScaler ADC)
    11.0 VPX, 11.0 MPX, 10.5 VPX, 10.5 MPX, 10.1 VPX, 10.1 MPX, 10.0 VPX, 10.0 MPX, 11.1 VPX, 11.1 MPX, 12.0 VPX, 12.0 MPX

Product Details

Multiple product editions are available, based on your organization’s requirements:

IBM Security AppScan Enterprise: Enables organizations to mitigate application security risk and achieve regulatory compliance. Security and development teams can collaborate, establish policies, scale testing, prioritize and remediate vulnerabilities throughout the application lifecycle.

IBM Security AppScan Source: IBM Security AppScan Source helps organizations save money and reduce risk exposure by identifying software vulnerabilities early in the development lifecycle so they can be eliminated before deployment.

IBM Security AppScan Standard: Helps companies decrease the risk of web application attacks and data breaches by automating application security vulnerability testing.

Virtual Forge CodeProfiler for IBM Security AppScan Source: Virtual Forge CodeProfiler for IBM Security AppScan Source automates static analysis security testing to identify and remediate vulnerabilities in Advanced Business Application Programming (ABAP) source code.

IBM Security AppScan’s Strategic and Technical Benefits

From a strategic standpoint, AppScan’s benefits include the following:

  • Protecting your critical organizational data against the threat of potential cyber-attacks.
  • Facilitating your compliance efforts by providing more than 40 reports that are specifically designed for the most significant industry and government compliance requirements.
  • Integrating with companion IBM security offerings, including database access monitoring (IBM® InfoSphere® Guardium®), security event and information management (IBM® Security QRadar® SIEM) and intrusion protection/detection services (IBM® Security Network Intrusion Prevention System).
  • Analyzing mobile applications prior to their deployment, to ensure that they’re free of vulnerabilities and your critical organizational data are protected.

Technical benefits of AppScan include the following:

  • Helping your organization to determine which of your applications are most vulnerable to attacks.
  • Permitting you to identify security vulnerabilities that pose the greatest risk to your organization and focus remediation efforts on those high-risk vulnerabilities. 
  • Detecting security vulnerabilities earlier in the development process, reducing the cost of remediation and improving internal coordination.
  • Expanding your application security efforts across a large number of employees and organizational applications.

Protecting Applications Against Attack with Citrix ADC, formerly NetScaler Application Firewall

Citrix ADC Application Firewall is a comprehensive ICSA-certified web application security solution that blocks known and unknown attacks against web and web services applications. Citrix ADC Application Firewall enforces a hybrid security model that permits only correct application behavior and protects against known application vulnerabilities. It analyzes all bi-directional traffic, including SSL-encrypted communication, to protect against a broad range of security threats, without any required modifications to applications.

Below are highlights of key protection tactics that are facilitated by Citrix ADC Application Firewall:

  • Cross-Site Scripting
  • Cross-Site Request Forgery
  • SQL Injection
  • XML Security
  • Buffer Overflow
  • Data Theft

Customization of Web Application Firewall (WAF) rules to match applications ensures attacks can be identified and blocked. Citrix ADC has a learning mode capability to determine rules for the applications. Sometimes, however, organizations prefer to manage application rule-sets themselves, which can prove time-consuming. Furthermore, rule-sets need to be reviewed when back-end applications are added or modified.

To keep the application protections up-to-date, there are two required steps. The first is to identify vulnerabilities associated with all of the applications hosted at the enterprise, and those hosted off-site. The second is to update WAF policies to protect against identified vulnerabilities.

Keeping these two steps in sync and ensuring that the right policies are in place can be challenging for many organizations, unless they deploy the solution that’s outlined below.

Combining AppScan’s and Citrix ADC’s Capabilities

Integrating IBM AppScan with Citrix ADC can protect web applications quickly, compared to the time application developers might take to assess risk and implement application-level controls or patches to remediate vulnerabilities.

By utilizing IBM AppScan’s scan results to create virtual patches in the Citrix ADC WAF for applications, the window of risk caused by vulnerabilities lasts a much shorter time than with traditional approaches.

Specifically, Citrix ADC Application Firewall combined with IBM AppScan reduces operational complexity of your application security program and lowers the risk of potential errors, while delivering cost reduction.

This is achieved by:

  • Reducing the number of resources required to perform web application security tasks, by automating vulnerability assessment of your web applications.
  • Enabling collaboration between an organization’s application security stakeholders.
  • Performing WebApp scans hosted inside the network or outside of the organization, without the need to deploy additional physical or virtual scanners.


Citrix ADC Application Firewall integration with IBM AppScan provides the following comprehensive benefits:

  • Scalable and highly-automated web application scanning with IBM Security AppScan that provides insight to increase Citrix ADC Application Firewall’s level of detection, based on actual vulnerabilities detected.
  • Elimination of the need for access to the web application development team, for creation of “virtual patches” on applications themselves, or on underlying systems.
  • Protection against identified web application vulnerabilities, without involving or impacting application development timelines.
  • Reduction of exploitation time windows, by ensuring that organizations take time to create the best application-level controls, rather than rushing out untested patches that may result in additional problems with web applications.
  • Citrix ADC Application Firewall protects web servers without degrading throughput or application response-times. It blocks application-level and other attacks, at more than a gigabit per second throughput.
  • Citrix ADC Application Firewall’s hybrid security model blocks all known and zero-day application-layer attacks. Web application behavior deviating from normal application use is treated as potentially malicious and blocked. A second level of protection is provided through efficient scanning of thousands of automatically updated signatures.
  • Citrix ADC has many other security features, providing a multi-layer security model.