HCL AppScan, previously known as IBM AppScan, is a family of web security testing and monitoring tools formerly from the Rational Software division of IBM.
AppScan is intended to test Web applications for security vulnerabilities during the development process, when it is least expensive to fix such problems. The product learns the behavior of each application, whether an off-the-shelf application or internally developed, and develops a program intended to test all of its functions for both common and application-specific vulnerabilities.
AppScan was originally developed by software company Sanctum Ltd. (which was initially named Perfecto Technologies) and was first released in 1998. In 1999, Sanctum expanded its web security offering and launched one of the world's first application firewalls, named AppShield. The first version of AppScan was developed and ran on a dedicated Linux server.
AppScan version 2 was released in February 2001, adding a policy recognition engine and knowledge database, an automatic and customizable crawler engine, and an attack simulator.
Version 3 was released in April 2002, adding collaborative testing capabilities, where different tasks can be assigned to different testers, and a number of user interface enhancements in both the scanning and reporting sections of the program.
In July 2004, Sanctum was acquired by Watchfire, which developed a web applications management platform named WebXM. AppScan became Watchfire's flagship product.
In June 2007, Watchfire was acquired by IBM and incorporated into the Rational Software product line, enabling IBM to cover more of the application development lifecycle with the addition of a tool that helps developers make security intrinsic to the application and addresses dynamic application security testing (DAST) requirements.
In 2009, IBM acquired Ounce Labs, adding to the AppScan line a tool that finds and corrects vulnerabilities in software source code during the development process. The tool was renamed AppScan Source Edition, for static application security testing (SAST).
Under IBM, the solution evolved further with AppScan Enterprise, mobile AST, and a cloud offering on top of the on-premises products, to meet end-to-end modern DevSecOps requirements.
In June 2019, HCL acquired select IBM collaboration, commerce, digital experience, AppScan and BigFix solutions.
AppScan Standard is a dynamic application security testing tool designed for security experts and pen-testers. Using a powerful scanning engine, AppScan automatically crawls the target app and tests for vulnerabilities. Test results are prioritized and presented in a manner that allows the operator to quickly triage issues and home in on the most critical vulnerabilities found. Remediation is made easy using clear and actionable fix recommendations for each issue detected. As a result, continuously testing and assessing risk for web services and applications helps prevent a damaging security breach.
AppScan Enterprise delivers scalable application security testing and risk management capabilities to help enterprises manage risk and compliance. AppScan enables security and DevOps teams to collaborate, establish policies, and perform testing throughout the application development lifecycle. Management dashboards help businesses classify and prioritize application assets based on business impact and identify the most critical vulnerabilities that present the highest risk to the business. AppScan Enterprise's REST interface enables integration with various automation tools to ensure seamless integration with DevOps CI/CD pipelines.
AppScan Source helps organizations develop more secure software and avoid costly vulnerabilities that surface late in the development lifecycle. By integrating security testing early in the development cycle – i.e. shift-left security – AppScan reduces risk exposure and reduces remediation costs. AppScan Source utilizes its machine learning-based Intelligent Finding Analytics (IFA) technology to help customers quickly identify critical security vulnerabilities and the best measures for remediation. As a result, costly remediation late in the development cycle or in production is avoided.
AppScan on Cloud delivers a suite of security testing tools, including static, dynamic and interactive testing for web, mobile and open source software. It detects pervasive security vulnerabilities and facilitates remediation. AppScan on Cloud implements shift-left security by eliminating vulnerabilities during development, before software is deployed. Comprehensive management capabilities enable security professionals, developers, DevOps and compliance officers to continuously monitor the security posture of their application and maintain compliance with regulatory requirements.
E-SPIN is in the business of delivering end-to-end cybersecurity testing. This includes application security testing (AST), covering dynamic AST, static AST (secure code review with multi-platform and programming technology support), interactive AST, mobile AST, source code analysis (SCA) and IDE DevSecOps CI/CD integration, as well as vulnerability assessment through to penetration and exploitation testing, infrastructure, network, server, host and database testing, and malware analysis and reversing, for customers in all kinds of industries and sectors, from specific to generic requirements.
Feel free to contact E-SPIN for your specific project or operation requirements.