AppScan QA delivers predictive reproducible results that QA personnel can use to test applications during the development lifecycle. With tools such as delta and trend analysis, defect changes can be determined against a baseline to develop accurate analysis, especially in changing development environments. With the AppScan QA automated results analysis, testers can quickly identify the type, severity, and area (application or administrative) of vulnerabilities. Security can be complex to understand, AppScan QA allows QA personnel to focus on their core competency of testing. AppScan's detailed defect analysis advisories translate technical details into business terms suitable for a range of audiences, including development management. For testers or developers who desire comprehensive understanding of the defects, AppScan QA provides detailed views of the test, the response, and suggested fix recommendations. In addition to testing for common web vulnerabilities and application specific vulnerabilities, AppScan QA can also test any web-based XML/SOAP application or environment. This allows immediate testing on new infrastructure technologies. Finally, AppScan QA provides tools such as API's and Command Line Interfaces to facilitate integration with existing testing environments and to allow third party tools to interact, and even launch, scans automatically. In summary, AppScan QA:

Facilitates Communication across the development lifecycle

• Best of breed results communication: Understand, communicate and measure
• Enhanced reporting functionality with XSLT templates

Automates Regulatory/Directive Compliance Assurance

• Built-in U.S. regulations
• Built-in European directives
• User-defined compliance reports

Enhances S.A.F.E. Leadership (Speed, Accuracy, Flexibility and Efficiency)

• Accurate security assessment for the power user
• User defined controls for intelligent testing

AppScan 4.5 QA Edition delivers seamless integration into existing test systems, automation to deliver predictive, reliable results and output to all standard defect tracking and analysis/management systems. Key features include:

Automated Intelligent Security Testing
•	Patented validation engine creates customized test scenarios, delivers widest array of attack variants to test & validate defects � and approve for release candidacy
•	User-defined controls drive intelligent testing for all skill levels
•	Regulatory Compliance Verification and Reporting
Built-in compliance reporting for regulatory, directive, and corporate policy pre-validation
•	Built-in Compliance Reporting for Regulatory, Directive, and Corporate Policy Pre-validation
•	Detailed reports with remediation feedback on security defects
Results Communication: Understand, Communicate, Measure
•	Delta, trend and regression analysis for security defects
•	Actionable results thru comprehensive fix recommendations
•	Common reporting language across groups/departments
•	Identify and translate defect root cause into business risk