AppScan Standard (formerly Watchfire AppScan, now part of the IBM Security AppScan product family) is a web vulnerability scanner (WVS), more specifically a Dynamic Application Security Testing (DAST) based scanner, used to protect against web application attacks and expensive data breaches by testing your application code.
Prevent security risks
Avoid security vulnerabilities
Use automated Dynamic Application Security Testing (DAST) and advanced static analysis (SAST), “black box” and “white box” techniques, to detect developing security issues.
Empower accurate scanning
Scan websites to identify embedded vulnerabilities. Simplify interpretation of scan results with scan-specific explanations of each issue.
Get quick remediation
Fix high-priority problems first with streamlined remediation. Make fixes quickly with the provided remediation steps – including code examples and a task list.
Key features
- Incorporate application security testing into DevOps
- Enhance application security with Cognitive capabilities
- Manage and reduce risk in web and mobile applications
- Address your appsec risk
- Provides a comprehensive view into application vulnerabilities
- Configure, run and upload app scans with our cloud integration feature
- Get in-depth understanding of app security issues
- Customized reporting on industry standards and compliance
Product Overview
IBM Security AppScan® Standard is a security vulnerability testing tool for web applications and web services. It features the most advanced testing methods to help protect your site from the threat of cyber-attack, together with a full range of application data output options.
IBM Security AppScan Standard employs three distinct testing techniques that complement and enhance each other:
- Dynamic Analysis (“black-box scanning”)
  - This is the primary method, testing and evaluating application responses during run-time.
- Static Analysis (“white-box scanning”)
  - This is a unique technology that analyzes JavaScript code in the context of the full web page.
- Interactive Analysis (“glass box scanning”)
  - The dynamic test engine can interact with a dedicated glass-box agent which resides on the web-server itself, enabling AppScan to identify more issues, and with greater accuracy, than by conventional dynamic testing alone.
AppScan’s advanced capabilities include:
- General and regulatory compliance reporting, with over 40 different templates available out-of-the-box
- Customization and extensibility through the AppScan eXtension Framework, or by direct integration into existing systems using the AppScan SDK
- Link categorization capabilities that go beyond application security to identify risks posed to users from links to malicious or other unwanted sites
AppScan Standard helps you decrease the risk of web application attacks and data breaches both before site deployment and for ongoing risk assessment in production.
AppScan Standard Latest Release and Update
Each time the software is released or updated, this post's date will change and the latest information will be incorporated in this section.
AppScan Standard 9.0.10 – 9.0.3 Fix Pack 10 (Sep 20, 2018)
What’s new
A complete list of fixes in this version can be found at: http://www.ibm.com/support/docview.wss?uid=swg27021374
This fix pack includes the following improvements:
- Web Services Configuration wizard: The new Web Services Configuration Wizard helps you configure a scan based on the service’s Open API definition files (JSON and/or YAML). The wizard helps create the Explore stage traffic (rather than record it), and the configuration is then used to run an automatic scan.
AppScan Detailed System Requirements
For your convenience, the tabs below identify the supported releases of IBM Security AppScan Standard from which you can select detailed system requirement reports for different contexts (by Operating System, by component). Note that clicking a link will always generate a new, up-to-date report.
Note: AppScan Standard runs on Windows operating systems only. If glass box scanning is used, the glass box agent must be installed on the tested application’s server (Java and .NET platforms are supported). The system requirements listed for other (non-Windows) systems apply only to the server on which this glass box agent is installed.