AppScan was originally developed by software company Sanctum Ltd. (which was initially named Perfecto Technologies) and was first released in 1998. In 1999 Sanctum expanded its web security offering and launched one of the world's first Application firewall, named AppShield. The first version of AppScan was developed and was running on a dedicated Linux server.
AppScan version 2 was released in February 2001, adding policy recognition engine and knowledge database, an automatic and customizable crawler engine and attack simulator.
Version 3 was released in April 2002, adding collaborative testing capabilities, where different tasks can be assigned to different testers; and a number of user interface enhancements in both the scanning and reporting sections of the program.
In July 2004, Sanctum was acquired by Watchfire, which developed a web applications management platform named WebXM. AppScan became Watchfire's flagship product.
In June 2007, Watchfire was acquired by IBM and incorporated into the Rational Software product line, enabling IBM to cover more of the application development lifecycle; with an addition of a tool to help developers make security intrinsic to the application for address dynamic application security testing (DAST) requirements.
In 2009 IBM acquired Ounce Labs, adding to the AppScan line a tool that finds and corrects vulnerabilities in software source code during the development process, which was renamed AppScan Source Edition for static application security testing (SAST).
The solution under IBM hand, is further evolved for AppScan Enterprise, for Mobile AST and on cloud offering on top of the on premise, for the end to end modern DevSecOps requirement.
In June 2019, HCL acquired select IBM collaboration, commerce, digital experience, AppScan and BigFix solutions.