IBM today announced new capabilities designed to address the security and compliance concerns of businesses creating dynamic and interactive Web sites. As companies infuse more Web 2.0 content into their global, online presence, they are seeing an increased risk of security vulnerabilities. Using IBM Rational AppScan, companies can now test Web 2.0-based applications to identify security vulnerabilities on a frequent basis, helping to make the Web experiences they provide to customers more secure from hackers. The new features also enhance customers’ abilities to address regulatory mandates and meet business policies.
Helping to Secure Online Businesses from Web 2.0 and SOA Vulnerabilities
According to the newly released 2008 IBM X-Force Trend Report, Web applications remain the Achilles heel for the security industry. In fact, more than half of all vulnerabilities disclosed in 2008 were Web application based. Many of these vulnerabilities can be prevented or avoided by taking a preemptive approach to security.
Hackers and other cyber criminals target Web 2.0 technologies because of their prevalence across the Web. With IBM Rational AppScan Standard Edition 7.8, IBM is introducing new functionalities that enable companies to scan and test rich, Flash-based Web content and applications for security defects before the content is deployed. This new software can also scan Web sites built with Ajax technology.
“The use of Adobe Flash Platform technologies in the enterprise is increasing, and software such as IBM Rational AppScan can help content creators take a preemptive approach to security,” said Brad Arkin, director, Adobe Secure Software Engineering Team at Adobe. “By scanning and testing code for potential issues in the early development stages, companies can help prevent security and compliance problems before they ever happen.”
For companies that are concerned that their Web services will face the same vulnerabilities as their Web applications, the new version of IBM Rational AppScan now also supports complex Service Oriented Architecture (SOA) applications. This new technology from IBM provides organizations with the ability to scan their critical Web services, representing a significant step forward in the testing support available for SOA environments.
Managing the Ongoing Risk of Compliance and Security
IBM today also announced new risk assessment capabilities in this new version of IBM Rational AppScan. The new features help customers better understand where security vulnerabilities are located and suggest an action plan to minimize further risk. According to IBM research, 80% of users' time is spent on managing the results of security scans.* Even after an issue is identified, users might have trouble understanding the issue, validating whether it really exists, determining how severe it is, and communicating it to other teams who can help fix the problem. With IBM Rational AppScan, customers will save valuable time and money by receiving results that are communicated in a common language that non-security experts understand.
Through new production monitoring capabilities delivered with IBM's Rational AppScan OnDemand offering, users can also catch and be alerted to vulnerabilities, making it easier and quicker to repair flaws and remain compliant. This is especially critical for organizations that make frequent changes to their Web site and therefore have an increased need to scan for security vulnerabilities on a regular basis. For instance, a large company that updates its Web site every 15 minutes can now automatically scan its online application four times per hour (i.e. 96 times per day), helping to create a safer online experience for its customers.
Additionally, security alerts can be sent to mobile devices as they occur, allowing customers to quickly fix vulnerabilities. Previously, security experts would only test applications before they went into production, which would not address the further risks posed after deployment. Today, speed and responsiveness are crucial when dealing with dynamic applications, given the time and money that organizations can lose due to failing to meet compliance mandates or exposing their customers' data to hackers. With IBM Rational AppScan OnDemand, customers now can have confidence that they can continuously act to protect their Web sites and manage compliance risks.
Addressing Security and Compliance throughout the Lifecycle
Customers can also lower costs by implementing security testing throughout the entire software delivery lifecycle, from development through the post-production phase. Bug-ridden, poor-quality software costs businesses billions of dollars annually, and identifying and repairing a software defect in a product that consumers are already using can cost upwards of $16,000 per defect. By integrating IBM Rational AppScan Tester Edition into the recently released IBM Rational Quality Manager, teams can build security and compliance testing into the software development and delivery process, avoiding many problems that can be extremely costly to fix at a later point in the software delivery lifecycle.
"We're witnessing a trend with governments mandating that organizations deliver software built with security-tested code. Clearly, application security is moving towards being a compliance requirement, not just a best practice," said Dr. Daniel Sabbah, general manager, IBM Rational Software. "It's more crucial than ever for customers to treat security and compliance as a top priority. By offering customers the ability to infuse continuous security testing into their Web 2.0 and SOA application development, IBM can help them reduce cost, manage risk and provide better online experiences for consumers."
IBM Rational offers security solutions that span all areas of application delivery, including the development, testing, deployment and operational phases. To learn more about IBM Rational’s security solutions, please visit: http://www.ibm.com/software/rational/offerings/websecurity/.