Software:Security AppScan
Developer(s) | HCLTech (formerly IBM) |
---|---|
Stable release | Version 10.0
|
Type | Application security Assurance |
License | Proprietary |
Website | www |
HCL AppScan, previously known as IBM AppScan, is a family of desktop and web security testing and monitoring tools, formerly a part of the Rational Software division of IBM. In July 2019, the product was acquired by HCLTech[1] and is currently marketed under HCLSoftware, a product development division of HCLTech. AppScan is designed to test both on-premises and web applications for security vulnerabilities during the development process - when it is least expensive to fix such problems. The product scans the behavior of each application, whether an off-the-shelf application or internally developed, and develops a program intended to test all of its functions for both common and application-specific vulnerabilities. This family of products is capable of performing SAST, DAST, IAST and Mobile Analysis against the user's source code and check for vulnerabilities.
History
AppScan was originally developed by Israeli software company Sanctum Ltd. (formerly Perfecto Technologies) and was first released in 1998.[2] A year later, Sanctum expanded its web security service and launched an Application firewall, called AppShield.[3] The first version of AppShield was developed by a team led by Gili Raanan, and was running on a dedicated Linux server.
AppScan version 2.0 was released in February 2001, adding policy recognition engine and knowledge database, an automatic and customizable crawler engine and attack simulator.[4] Version 3 was released in April 2002, adding collaborative testing capabilities, where different tasks can be assigned to different testers; and a number of user interface enhancements in both the scanning and reporting sections of the program.[5] By 2003 AppScan was used by over 500 enterprise customers and had nearly $30 Million (USD) in annual revenue.[6]
In July 2004, Sanctum was acquired by Massachusetts based company Watchfire, which developed a web applications management platform named WebXM. AppScan became Watchfire's flagship product and Sanctum's R&D center in Herzliya, Israel, became Watchfire's main R&D location.[6]
In June 2007, Watchfire was acquired by IBM and incorporated into the Rational Software product line, enabling IBM to cover more of the application development lifecycle with the addition of a new tool to help developers further bolster the security of the application itself.[7] Watchfire R&D center was incorporated into IBM R&D Labs in Israel.[8]
In 2009 IBM acquired Ounce Labs and added yet another tool to AppScan to find and correct vulnerabilities in software source code. This new version was quickly re-packaged as a separate edition of AppScan: AppScan Source Edition.[9]
In June 2019, HCL acquired select IBM collaboration, commerce, digital experience, AppScan and BigFix solutions.[10][11]
Editions
- AppScan Enterprise Edition - Client-server version used to scale security testing.
- AppScan Standard Edition - Desktop software for automated Web application security testing environment for IT Security, auditors, and penetration testers.
- AppScan Source Edition - Designed to prevent data breaches by locating security flaws in application source code.
- AppScan on Cloud - Application Security Testing suite as a service.
References
- ↑ Kwan, Campbell. "HCL now fully controls IBM software including Notes and Domino" (in en). https://www.zdnet.com/article/hcl-now-fully-controls-ibm-software-including-notes-and-domino/.
- ↑ "Perfecto Technologies Becomes Sanctum, Inc.; Pioneering Automated Web Application Control and Security Changes Name.". BusinessWire. 21 June 2000. http://www.allbusiness.com/technology/software-services-applications-internet-social/6459219-1.html#ixzz1dLGMEQ5p.
- ↑ Ellen Messmer (7 September 1999). "New tool blocks wily e-comm hacker tricks". CNN. http://www.cnn.com/TECH/computing/9909/07/ecomm.hack.idg/index.html. Retrieved 17 November 2010.
- ↑ Mimoso, Michael S. (6 February 2001). "AppScan release secures Web applications". SearchSecurity. http://searchsecurity.techtarget.com/news/520223/Quick-Takes-AppScan-release-secures-Web-applications.
- ↑ Costello, Sam (30 April 2002). "Sanctum boosts tests, reports in AppScan 3.0". Computerworld. http://www.computerworld.com.au/article/23334/sanctum_boosts_tests_reports_appscan_3_0/.
- ↑ 6.0 6.1 "Sanctum acquired by Watchfire". Israel Venture Capital Research Center. 26 July 2004. Archived from the original on 10 August 2007. https://archive.today/20070810083415/http://www.ivc-online.com/ivcWeeklyItem.asp?articleID=2015.
- ↑ Ogren, Eric (8 June 2007). "AppScan lives on with IBM". Computerworld. Archived from the original on 31 January 2011. https://web.archive.org/web/20110131081131/http://blogs.computerworld.com/node/5652.
- ↑ "Watchfire Israel goes to IBM". Globes. 7 June 2007. http://www.globes.co.il/serveen/globes/docview.asp?did=1000219398.
- ↑ Rick, Whiting (8 June 2010). "IBM: Design Security Into New Applications During Development". CRN. http://www.crn.com/news/security/225500021/ibm-design-security-into-new-applications-during-development.htm;jsessionid=sAdQrMEqh7kWNepNsBEm-w**.ecappj02.
- ↑ HCL Technologies to acquire select IBM software products
- ↑ HCL Technologies to Acquire Select IBM Software Products for $1.8B