IBM Rational AppScan

IBM Rational AppScan
Developer(s) IBM / Rational Software
Stable release Version 8.5
Type Test management tools
License Proprietary
Website IBM Rational AppScan web page

IBM Rational AppScan is a family of web security testing and monitoring tools from the Rational Software division of IBM. AppScan is intended to test Web applications for security vulnerabilities during the development process, when it is least expensive to fix such problems. The product learns the behavior of each application, whether an off-the-shelf application or internally developed, and develops a program intended to test all of its functions for both common and application-specific vulnerabilities.

Contents

History

AppScan was originally developed by Israeli software company Sanctum Ltd. (which was initially named Perfecto Technologies) and was first released in 1998. [1] In 1999 Sanctum expended it web secuirty offering and launched one of the world's first Application firewall, namsed AppShield. [2]

AppScan version 2 was released in February 2001, adding policy recognition engine and knowledge database, an automatic and customizable crawler engine and attack simulator.[3] Version 3 was released in April 2002, adding collaborative testing capabilities, where different tasks can be assigned to different testers; and a number of user interface enhancements in both the scanning and reporting sections of the program.[4] By 2003 AppScan was used by over 500 enterprise customers and revenues reached $30m.[5]

In July 2004, Sanctum was acquired by Massachusetts based company Watchfire, which developed a web applications management platform named WebXM. AppScan became Watchfire's flagship product and Sanctum's R&D center in Herzliya, Israel, became Watchfire's main R&D location.[5]

In June 2007, Watchfire was acquired by IBM and incorporated into the Rational Software product line, enabling IBM to cover more of the application development lifecycle; with an addition of a tool to help developers make security intrinsic to the application.[6] Watchfire R&D center was incorporated into IBM R&D Labs in Israel.[7]

In 2009 IBM acquired Ounce Labs, adding to the AppScan line a tool that finds and corrects vulnerabilities in software source code during the development process, which was renamed AppScan Source Edition.[8]

Editions

See also

External links

References

  1. ^ "Perfecto Technologies Becomes Sanctum, Inc.; Pioneerin Automated Web Application Control and Security Changes Name.". BusinessWire. June 21, 2000. http://www.allbusiness.com/technology/software-services-applications-internet-social/6459219-1.html#ixzz1dLGMEQ5p. 
  2. ^ Ellen Messmer (September 7, 1999). "New tool blocks wily e-comm hacker tricks". CNN. http://www.cnn.com/TECH/computing/9909/07/ecomm.hack.idg/index.html. Retrieved 2010-11-17. 
  3. ^ Mimoso, Michael S. (6 Feb 2001). "AppScan release secures Web applications". SearchSecurity. http://searchsecurity.techtarget.com/news/520223/Quick-Takes-AppScan-release-secures-Web-applications. 
  4. ^ Costello, Sam (30 April, 2002). "Sanctum boosts tests, reports in AppScan 3.0". Computerworld. http://www.computerworld.com.au/article/23334/sanctum_boosts_tests_reports_appscan_3_0/. 
  5. ^ a b "Sanctum acquired by Watchfire". Israel Venture Capital Research Center. 26/07/2004. http://www.ivc-online.com/ivcWeeklyItem.asp?articleID=2015. 
  6. ^ Ogren, Eric (June 8, 2007). "AppScan lives on with IBM". Computerworld. http://blogs.computerworld.com/node/5652. 
  7. ^ "Watchfire Israel goes to IBM". Globes. 7 June 07. http://www.globes.co.il/serveen/globes/docview.asp?did=1000219398. 
  8. ^ Rick, Whiting (June 08, 2010). "IBM: Design Security Into New Applications During Development". CRN. http://www.crn.com/news/security/225500021/ibm-design-security-into-new-applications-during-development.htm;jsessionid=sAdQrMEqh7kWNepNsBEm-w**.ecappj02.