IBM Software Scrutinizes Simultaneous Security Analysis


IBM has this week released the latest iteration of its analysis software, aligned to help design, build, and manage secure applications with a consolidated software vulnerability analysis and reporting function.

The company describes the simultaneous threat vulnerability and security analysis utility within its IBM Rational AppScan portfolio as a new tool with which developers can assess security threats and test security exposure across the entire software development lifecycle. The product is also positioned as being able to help reduce risks and the costs associated with compliance concerns.

As part of the new features here, IBM Research says it has brought forward the advantages of string analysis, a software development capability that helps simplify the security testing process by automatically detecting and verifying which web application inputs need to be cleansed to remove security risks. This capability is said to help improve the accuracy and efficiency of security testing by the development community, regardless of security expertise.

With automated application security audits and source code scanning to measure whether the network and web-based applications are secure and compliant, IBM Rational AppScan will now automate security scanning with hybrid analysis capabilities. This hybrid analysis provides automated correlation of results from static code analysis and dynamic analysis to increase vulnerability identification in automated software. The end result is that better vulnerability identification and remediation are achieved if the software is deployed intelligently.

As cited in IBM's 2010 mid-year X-Force Trend Report, 55 percent of all vulnerabilities come from web applications, making them the greatest source of risk for organizations. The research indicates that computer security threats rose by 36 percent in the first half of 2010, resulting in more than 4,000 new vulnerabilities being documented compared to last year.

"As vulnerabilities become more prevalent, testing across the entire development lifecycle without having to invest in additional development resources and skills is significant for the bottom line," said Steve Robinson, GM for IBM Security Solutions. "Through the ongoing value brought by the acquisitions of Ounce Labs and Watchfire Corp., combined with our R&D expertise, we can now provide more comprehensive security governance, collaboration and risk management solutions that further protect organizations from malicious attacks."

