Rational AppScan & Policy Tester

1. IBM Rational AppScan & Policy Tester
   Charles Lupton, Watchfire Sales Manager, UK & Ireland
   Gareth O’Sullivan, Technical Consultant, Application Security & Compliance, IBM Rational AppScan
   © 2009 IBM Corporation

2. IBM Software Group | Rational software
   Watchfire Overview
   Who were Watchfire:
   • Market leader in application security: #1 in market share for application security (Gartner & IDC)
   • Provider of application security and compliance software and services
   • Background: founded 1996, 200+ employees, headquartered in Boston, MA; acquired by IBM in June 2007
   • Created the first automated Web application security testing product
   • Products include: application security solutions – AppScan; privacy and compliance solutions – Policy Tester (formerly WebXM/Bobby)
   • Award callout on the slide: “Best Security Company”

3. Rational AppScan Press Coverage
   Software Test and Performance Magazine, Rockstars of Testing, November 2008:
   • Code Analysis: IBM Rational Software Analyzer Developer Edition (winner)
   • Security Testing: IBM Rational AppScan Standard Edition (winner)
   • SOA/Web Services Testing: IBM Rational Tester for SOA Quality (winner)
   • Load/Performance Testing: IBM Rational Performance Tester (runner-up)

4. How would your clients feel if this happened to them?
   • Monster.com lost 4.5m records, February 2009
   • Panasonic web site hacked and prices changed to pennies, February 2009
   • American Express hit by XSS bugs, December 2008
   • BT web site hacked by a prominent hacker, March 2009
   • US arm of RBS faces £141m lawsuit after admitting hackers breached its web site, March 2009
   • Sony PlayStation site hit by SQL injection attack, July 2008
   What impression does this give? What damage does it do to the brand? Would you use these web sites again? Who gets the phone call when this happens?

5. Web Compliance Standards increasingly important
   • Past customer spending has focused on network security, yet 75% of attacks come through Web applications.
   • Every lost record costs the organization that lost it $138 USD.
   • Nearly 45% of security incidents are caused by privileged, “inside” users.
   • 40–60% of user accounts are “orphan” accounts, i.e. accounts not belonging to active users.
   • Vulnerabilities are growing at an alarming rate.
   “We estimate that 90 percent of externally accessible applications today are Web-enabled, and that two-thirds of them have exploitable vulnerabilities.” – Gartner Group

6. 3 Benefits of AppScan
   1. Assists in compliance procedures:
   • AppScan covers PCI DSS Requirements 6.6 and 11 (maintaining secure systems and regularly testing them), so its results can feed into a PCI compliance process
   • Provides remediation advice on all defects and 40 different compliance reports
   • Provides a proven audit trail
   • Automates the compliance process

7. 3 Benefits of AppScan
   2. Security threats:
   • Dynamic web sites are constantly changing
   • 75% of companies are expected to experience a security threat before 2012 (Gartner)
   • Identifies internal threats as well as external threats, i.e. intranets and extranets as well as public-facing sites
   • Highlights top threats such as XSS and SQL injection

8. 3 Benefits of AppScan
   3. Reduces costs:
   • Through automation, scanning is quicker and less prone to human error
   • Application security improves application functionality and time to market
   • Reduces the cost of external resources such as pen testers
   • Secure apps reduce the risk and cost of brand damage
   • Finding security defects early saves money
   • The Internet has to be maintained as a channel to market

9. IBM Rational AppScan SDLC Ecosystem – AppScan versions
   (Diagram; only the labels could be recovered from the extraction.)
   Central components: IBM Rational AppScan Enterprise / Reporting Console; Rational ClearQuest / defect management.
   SDLC phases and the role AppScan plays in each:
   • Code – build security testing into the IDE
   • Build – automate security/compliance testing in the build process
   • QA – security/compliance testing incorporated into testing and remediation workflows
   • Security – security and compliance testing, oversight, control, policy, in-depth tests
   Product editions and integrations shown (exact column placement is not recoverable): AppScan Enterprise scanning agent; AppScan Enterprise QuickScan (web client); AppScan Enterprise user (web client); AppScan QuickScan (web client); AppScan Standard Ed (desktop); AppScan Express (desktop); AppScan Developer Ed (Eclipse IDE / RAD); AppScan Build Ed; AppScan Tester Ed (RQM/HPQC); Eclipse; Source Control System; Build.
   Also shown: IBM Rational Web Based Training for AppScan.

10. Software as a Service (SaaS) – AppScan OnDemand
   Alternative to software purchase: an outsourced model.
   • Hosting outsourced to IBM/Rational: IBM performs setup, hardware, upgrades, maintenance and backups, removing these tasks from the client
   • Software is rented from IBM; no license entitlement
   • IBM performs product installation and keeps the product up to date with service packs and product upgrades
   • Product configuration partially outsourced to IBM/Rational via the Solution Management service: a collaborative model in which IBM configures the product and/or assists the client with production configuration
   • IBM supports the client as needed (= customer success)
   • Client can contract for additional Solution Management hours if a complete outsourcing model is desired

11. Security/Compliance Scanning – SaaS
   (Process diagram; only the labels could be recovered. Steps are split between Solution Management (IBM) and Customer Focus (client), but the assignment of each step is not recoverable.)
   Job Configuration → Scan Site (AppScan Enterprise / Policy Tester / ASE) → Process → Store Data → Generate Reports (Measure Progress) → Analyze Reports → Filter and Prioritize Issues → Fix Issues