IBM® Security AppScan® V8.8 delivers:
- Improved time to value on static analysis with:
  - Streamlined triage features to quickly identify security risk
  - Faster and easier configuration of Java™ applications
- Quickly identified confirmed vulnerabilities:
  - Top security risks identified by leveraging latest industry standards from Open Web Application Security Project (OWASP) Top 10 2013 and OWASP Mobile Security Project - Top 10 Mobile Risks
  - Filters and scan confirmations that help ensure security compliance and best practices
- Enhanced encryption to protect your security assets:
  - Supports industry-standard Transport Layer Security (TLS) protocol 1.2 compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-131a
The IBM Security AppScan V8.8 application security portfolio continues to deliver on static, dynamic, and interactive application security testing. The IBM Security AppScan portfolio provides a platform for centrally managing application security testing and risk management as critical elements of application lifecycle management.
What is new
IBM Security AppScan Source:
- Enhanced encryption (support for Transport Layer Security (TLS) 1.2), and compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-131a.
- Improved analysis accuracy through expanded framework support. Comprehensive framework support does not require configuration. New supported frameworks include Spring MVC 3, ASP.NET MVC, Microsoft™ .NET 4.5, Java JAX-RS (V1.0 and V1.1), Java JAX-WS (V2.2), and Web Service Definition Language (WSDL).
- Generates scans faster and more easily with simplified configuration and improved support for common Java web application dependencies.
- Streamlined triage features to quickly identify and isolate the most important security risks. Triage usability improvements include improved vulnerability matrix, more descriptive names, and display optimizations to help maximize graphical trace information.
- Includes new scan configurations to help speed analysis and to produce more actionable results. The standard scan configurations help make it easy to focus on specific types of vulnerabilities, which enables organizations to prioritize their application security policies. New scan configurations include iOS to focus on mobile security and user input to isolate security risk introduced by users.
- Has new and enhanced analysis filters including Open Web Application Security Project (OWASP) Top 10 2013 and OWASP Top 10 Mobile Risks to help ensure security compliance and best practices. Filters help to produce smaller, more actionable results designed to ensure development teams focus on confirmed vulnerabilities.
- Delivers additional authentication support to help simplify user management and make large deployments easier. New in this release is support for Microsoft Windows™ authentication.
- Improved Integrated Development Environment (IDE) support designed to make working with the most current and popular development tools easier; updates include Visual Studio 2012, Eclipse 4.2, 4.2.2, 4.3, and IBM Rational® Application Developer V9.0.
IBM Security AppScan Standard:
- Enhanced encryption support for TLS 1.2 and compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-131a.
- Allows recording an action-based login sequence, which enables scan session management for certain types of applications.
- Improved login mechanism and session handling:
  - Allows recording of an action-based login sequence to increase login success in certain applications.
  - Enhanced methods to detect session tokens that improve session handling.
- Updated OWASP Top 10 2013 report for identifying noncompliance issues.
IBM Security AppScan Enterprise:
- Enhanced encryption support for TLS 1.2, and compliance with NIST SP 800-131a.
- Leverages the scalability of the Enterprise Dynamic Analysis Scanner by importing and scheduling scans configured with the AppScan Standard desktop application.
- Reuses functional quality assurance test scripts and implements Dynamic Analysis security testing automation via new Representational State Transfer (REST) API interfaces.
- Delivers more flexibility for configuring decentralized AppScan Enterprise administration via finer custom user type settings for adding, deleting and editing users and groups.
- Includes updated OWASP Top 10 (2013) report for identifying noncompliance issues.