Deployment and Operations in Application Lifecycle
Fast, Accurate, and Comprehensive Audits with AppScan 3.5
For applications in production, auditors face the considerable challenge of producing
accurate and comprehensive security assessments quickly. AppScan has been part
of the auditor's toolkit for years, solving this problem. Powered by its patented
Dynamic Policy Recognition Engine, AppScan's behavioral detection and precision testing
processes automatically learn the application's logic and structure and build
custom test scenarios to run against it. AppScan reliably detects the broadest array
of application vulnerabilities with minimal false positives and false negatives.
Not only is AppScan highly accurate, but it is also fast. It uses multiple threads
to explore and test applications, which cuts test time dramatically. Auditors can run
multiple assessments simultaneously to save further time. Using AppScan, the auditor
can focus more time and resources on the resolution of security vulnerabilities rather
than on their detection.
Detect Vulnerabilities Automatically
With AppScan 3.5, auditors quickly identify the widest array of application
vulnerabilities. AppScan's patented Dynamic Policy Recognition Engine automatically
creates an unparalleled number of customized tests for:
- Cross-site Scripting
- Parameter Tampering
- Hidden Field Manipulation
- Backdoors and Debug Options
- Stealth Commanding
- Forceful Browsing
- Application Buffer Overflow
- Cookie Poisoning
- 3rd Party Misconfigurations
- Known Vulnerabilities
- SQL Injection
- HTTP Attacks
- Suspicious Content
Key Features
- Advanced validation mechanism delivers the widest array of attack variants to test, validate and provide fix advisories for both Common Web Vulnerabilities (known) and Application-specific vulnerabilities (unknown)
- Complete solution for testing Web Services Technologies
- Integrates seamlessly into any testing environment
- Command line execution
- Concurrent session scans
- Accelerates the testing process through automatic test creation and modification
- Business process (use case) Record and Play
- Patented Security Policy Recognition Engine
- Instantaneous feedback of actionable results; eliminates fix delays
- Comprehensive S.A.F.E. solution provides 360-degree view of application behavior and structure
- JavaScript Explore
- Code Sanitation and Content Review
- Transient Management System
- Custom Error pages
What The Market Has To Say
"We recognized that we had a need for an automated tool to help
us look at our clients' Web applications. The stars aligned at that point.
We didn't see any other viable tools but AppScan that could help us do what
we wanted to do. Even now, almost a year later, we still haven't seen anything
that works as well as AppScan does. It allows us to do something that we couldn't
do a year ago."
Fred Rica
PricewaterhouseCoopers