S.A.F.E.: Speed, Accuracy, Flexibility and Efficiency
As the leading security scanning and testing tool, AppScan delivers an unparalleled
combination of the benefits that matter most: speed, accuracy, flexibility
and efficiency. Its features and performance make it a powerful tool in the
hands of both security novices and experts.
- Intuitive User Interface: AppScan's user interface makes it easy to set up, configure, and run tests. Likewise, analyzing results and generating reports can be done simply and quickly within the AppScan UI.
- Contextual Help: Wherever you are in AppScan and whatever you are doing with it, AppScan provides context-sensitive tips, descriptions, and guides.
- Business Process Record and Play: AppScan 3.5 lets users record and replay specific business processes, either for one-time tests or as part of regression testing during development.
- One-Click Update: One-Click Update downloads the latest vulnerability checks and security testing technology into AppScan with a single click of the mouse. Updates are available 24 hours a day, 7 days a week.
- Scan Scheduling: Schedule one-time, recurring, and concurrent tests directly from the user interface, from the command line, or from external test scripts.
- Transient Management System: Creating and maintaining a session is a fundamental function of any web application. Testing tools have historically struggled with transients such as cookies and URL parameters that are used for state management and session tracking. AppScan's Transient Management System automates the detection, management, and modification of these transients, so exploring and testing can take place within stateful applications.
- Exposed Proxy: Exploring and testing are not restricted to HTML browsers. AppScan exposes a proxy, so users can explore and test an application through AppScan with any HTTP client, not only an HTML browser.
- Client Side Logic: Nearly every site and application uses JavaScript. Traditionally, client-side logic has been a "blind spot" for application scanners and testing tools. AppScan 3.5 now automatically explores and parses JavaScript, tests embedded links, and identifies potentially dangerous comments and uses of parameters in JavaScript.
- Custom Error Page Recognition: Custom error pages are a source of an enormous number of false positives unless the scanning tool can recognize them, because a custom error page is typically served with HTTP 200 and a scanner that trusts the status code alone would treat every error as a live resource. Unlike other testing tools that require the user to write rules to detect error pages, AppScan automatically recognizes both standard 404 responses and custom error pages out of the box.
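The custom error page problem above is easiest to see in code. The following is an added example of how a scanner can recognize a custom error page on its own, without user-written rules; it is not AppScan code and does not describe AppScan's internal method. It requests a few paths that cannot exist, fingerprints the answers, and then classifies later responses against that fingerprint so a "friendly" error page served with status 200 is not mistaken for real content. The target (`mock_fetch`, `_REAL_PAGES`), the similarity threshold and the normalization rules are all assumptions made for the demonstration.

```python
"""Custom error page ("soft 404") recognition for a web scanner.

Added illustrative example, not AppScan code. The target is a constructed
stand-in that, like many real applications, answers unknown paths with a
custom error page and HTTP 200 instead of a 404.
"""
import difflib
import random
import re
import string
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    body: str


# Constructed target (assumption for the demo, not a real site).
_REAL_PAGES = {
    "/": "<html><title>Shop</title><body>Welcome to the shop.</body></html>",
    "/login": "<html><title>Login</title><body><form>...</form></body></html>",
}


def mock_fetch(path: str) -> Response:
    """Constructed fetcher: a custom error page with status 200 for unknown paths."""
    if path in _REAL_PAGES:
        return Response(200, _REAL_PAGES[path])
    body = ("<html><title>Oops</title><body>Sorry, the page "
            f"{path} could not be found. <a href='/'>Home</a></body></html>")
    return Response(200, body)


def _normalize(body: str, path: str) -> str:
    """Remove per-request noise (the echoed path, numbers, whitespace runs)
    so two error pages for different paths compare as equal."""
    if len(path) > 1:
        body = body.replace(path, "")
    body = re.sub(r"\d+", "", body)
    return re.sub(r"\s+", " ", body)


def random_path(rng: random.Random, length: int = 12) -> str:
    return "/" + "".join(rng.choices(string.ascii_lowercase, k=length))


class ErrorPageDetector:
    """Learns what 'not found' looks like by probing paths that cannot exist."""

    def __init__(self, fetch, probes: int = 3, threshold: float = 0.9, seed: int = 0):
        rng = random.Random(seed)
        self.threshold = threshold
        self.samples = []
        for _ in range(probes):
            p = random_path(rng)
            r = fetch(p)
            self.samples.append((r.status, _normalize(r.body, p)))

    def is_error_page(self, path: str, resp: Response) -> bool:
        # A real 404 is unambiguous; everything else is compared to the fingerprint.
        if resp.status == 404:
            return True
        norm = _normalize(resp.body, path)
        for status, sample in self.samples:
            if status != resp.status:
                continue
            ratio = difflib.SequenceMatcher(None, sample, norm).ratio()
            if ratio >= self.threshold:
                return True
        return False


def classify(detector: ErrorPageDetector, fetch, paths):
    """Return {path: 'error' | 'live'} for each path using the learned fingerprint."""
    return {p: ("error" if detector.is_error_page(p, fetch(p)) else "live")
            for p in paths}


if __name__ == "__main__":
    det = ErrorPageDetector(mock_fetch)
    print(classify(det, mock_fetch, ["/", "/login", "/admin/secret"]))
```

The probe paths are random so the fingerprint cannot collide with a real resource by accident; the similarity threshold is deliberately high, since an error page that echoes the request differs only in the parts `_normalize` strips, while two genuinely different pages score far lower.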
Site Smart: Automated Behavioral Detection and Precision Testing
AppScan tests for Web application vulnerabilities automatically and produces minimal false positive
and false negative results.
- Patented Policy Recognition Engine: To deliver accurate results, AppScan first learns the application's business logic and structure as it explores the application. It then creates custom tests designed to identify security defects and vulnerabilities in that logic and structure.
- SiteSmart Testing System: Once AppScan has created the custom tests, it sends them to the application up to ten at a time. Each response from the application is then parsed and validated automatically to identify the responses that indicate a vulnerability and to rate the severity of every vulnerability detected.
- Comprehensive Knowledge Database: AppScan's knowledge database holds the information that is combined with each vulnerable test result so that an auditor, administrator, tester, or developer can quickly locate and patch or fix the defect or vulnerability. The database is updated continually.
- Code Sanitation and Content Review: AppScan gathers and presents a comprehensive view of information about the application that affects its security but cannot be tested directly. One example is comments left behind by developers in the source served to the client. AppScan collects, organizes, and displays this information for users to review and incorporate into their plan for tightening the application's security.
- Custom Rule Definitions: While AppScan creates and customizes tests automatically, users can also define their own tests with Custom Rule Definitions. This is useful for users who must define and run a very specific test against the application.
- Supports Client-Side Certificates, SSL, and NTLM: For applications that require authentication before use, AppScan authenticates automatically using client certificates, SSL, and NTLM. Settings and options are managed from within the AppScan UI.
- Precision Filters: Precision Filters let users avoid wasting scan time and cycles by precisely defining the scope and depth of every scan. Controlling what AppScan explores automatically and how it tests is easy with the many filters and configuration options available during setup.
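To make the SiteSmart and Custom Rule Definitions items concrete, here is an added example of the testing loop they describe: a user-defined rule is a payload plus a pattern that a vulnerable response must match, the tests are dispatched up to ten at a time, and every response is validated against the rule that produced it. This is illustrative code, not AppScan's implementation or rule format. The target (`mock_app`), the rule names and the detection patterns are assumptions constructed for the demonstration.

```python
"""Custom test rules dispatched concurrently and validated per response.

Added illustrative example, not AppScan code. `mock_app` is a constructed
stand-in for a web application: its search handler reflects user input
unescaped and leaks a database error on an unbalanced quote.
"""
import re
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional
from urllib.parse import urlencode


@dataclass(frozen=True)
class Rule:
    """A user-defined test: what to send and what a vulnerable reply looks like."""
    name: str
    payload: str
    detect: str      # regex a response must match to count as a finding
    severity: str


@dataclass
class Finding:
    rule: str
    param: str
    url: str
    severity: str
    evidence: str


def mock_app(path: str, params: Dict[str, str]) -> str:
    """Constructed target (assumption for the demo, not a real application)."""
    if path != "/search":
        return "<html><body>not found</body></html>"
    q = params.get("q", "")
    if q.count("'") % 2 == 1:
        return ("<html><body>Error: You have an error in your SQL syntax "
                "near ''</body></html>")
    return f"<html><body>Results for {q}</body></html>"


# Hypothetical rule set; the third rule is a negative control that should not fire.
RULES = [
    Rule("reflected-xss", "<s>xss</s>", r"<s>xss</s>", "High"),
    Rule("sql-error", "'", r"SQL syntax", "High"),
    Rule("path-traversal", "../../../../etc/passwd", r"root:x:0:0", "High"),
]


def run_test(app: Callable[[str, Dict[str, str]], str], path: str,
             params: Dict[str, str], param: str, rule: Rule) -> Optional[Finding]:
    """Inject one rule's payload into one parameter and validate the reply."""
    mutated = dict(params, **{param: rule.payload})
    body = app(path, mutated)
    match = re.search(rule.detect, body)
    if match is None:
        return None
    return Finding(rule.name, param, f"{path}?{urlencode(mutated)}",
                   rule.severity, match.group(0))


def scan(app, path: str, params: Dict[str, str], rules: List[Rule],
         max_in_flight: int = 10) -> List[Finding]:
    """Run every rule against every parameter, at most `max_in_flight` at a time."""
    jobs = [(param, rule) for param in params for rule in rules]
    with ThreadPoolExecutor(max_workers=max_in_flight) as pool:
        results = list(pool.map(lambda j: run_test(app, path, params, j[0], j[1]), jobs))
    return [f for f in results if f is not None]


if __name__ == "__main__":
    for f in scan(mock_app, "/search", {"q": "shoes", "page": "1"}, RULES):
        print(f.severity, f.rule, f.param, f.url, repr(f.evidence))
```

Each finding records the exact request that triggered it and the matched evidence, which is what a tester needs to reproduce the result by hand; the `page` parameter yields nothing for any rule, and the traversal rule yields nothing for either parameter, so the rule's detection pattern, not the mere act of sending a payload, is what decides whether something is reported.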
Actionable Results
- Interactive "Index Cards": To understand and fix security defects and vulnerabilities, auditors, testers, and developers need a wide range of information about the vulnerability, the tests run, and the recommended fix. AppScan users find all of this information and more in AppScan's Interactive Vulnerability Index Cards.
- Traffic Logging: To investigate a vulnerability in more detail, a user can open and analyze a traffic log that contains every detail of each transaction between AppScan and the application.
- Custom Reports: Getting the right results in the right format to the right people is, at the end of the day, why AppScan is a valuable tool. Once testing is complete, users can quickly build and customize (add logos, edit results, insert comments, etc.) executive summary and detailed reports. Results can also be exported in standard formats such as CSV and Crystal Reports for further analysis, reporting, and tracking.
- Online/Offline Results Analysis and Reporting: AppScan users do not have to be online to review results or generate reports.
Strategic Partner Solutions