230/2007

On the Trail of Hackers

 

IBM today introduces new software that protects customers against attacks from the web. The version of IBM Rational AppScan, already announced after the acquisition of Watchfire in summer 2007, is one of the key products here, enabling the highest quality in web applications.

Web applications offer highly attractive points of attack for hackers in particular, yet only a few companies regularly take security precautions to counter a possible threat. Especially in the era of Web 2.0, companies need solutions that identify and prevent security risks, as automated as possible. IBM Rational AppScan identifies, validates and reports on vulnerabilities in applications, enables new methods for security officers and at the same time entitles a pool of IT staff to test critical web applications for their security.

Through two new tools (Scan Expert and State Inducer), the IBM solution enables developers, testers and IT experts not only to identify vulnerabilities but also to fix them right away.

“In the past, web application security testing traditionally lay with the security officers. But this does not always go hand in hand with the actual requirements within companies,” explains Markus Wiens, Marketing Manager Rational, IBM Deutschland. “With the new additional features of IBM Rational AppScan, our customers save time and money by integrating the testing of web applications into the software lifecycle at an early stage.”

A trial version of IBM Rational AppScan can be downloaded from the following link: https://www.watchfire.com/securearea/appscan.aspx. Interested parties can also find out more about software quality at a web seminar as well as at a proof-of-technology workshop. Further details are available at ibm.com/software/de/events/rational_all.html.

Further information on the product can be found at ibm.com/software/rational/ as well as in the original English press release:

New IBM Security Scanning Software Protects Businesses from Hackers

ARMONK, NY, November 13, 2007 . . . IBM (NYSE: IBM) today introduced new software to help customers protect their business from today’s most advanced and complex web application security attacks. The first release of IBM Rational AppScan, a market-leading web application security technology acquired by IBM from Watchfire in July 2007, is a key part of IBM’s software portfolio that helps ensure high quality applications are delivered to the marketplace.

Web applications are high-value targets for hackers, yet many organizations have a difficult time tackling security due, in part, to a lack of application security knowledge and the size and complexity of today's websites that incorporate the latest in Web 2.0 technology. Businesses need automated solutions capable of identifying and protecting from these weaknesses. IBM Rational AppScan identifies, validates and reports on application security vulnerabilities and, with this new version, introduces new features and reporting methods for security auditors while enabling a broader pool of IT roles to participate in and drive critical web application security testing.

Traditionally, testers, developers, and IT professionals have lacked the specific security knowledge needed to effectively run scans. Two new capabilities in IBM Rational AppScan, Scan Expert and State Inducer, broaden the availability of this critical function so IT personnel, software developers and testers are capable of running successful scans, while at the same time also adding new features to assist security professionals.

Scan Expert packages the best practices of an expert, such as automatically profiling an application and providing the best test configuration for a successful scan. This enables more successful scanning for users with little IBM Rational AppScan or web application security experience, while improving efficiency for more knowledgeable security experts.

Furthering its leadership in support of complex Web 2.0 technologies, including support for Ajax and Flash, the new State Inducer feature introduces accurate assessment of multi-step processes within applications. These include adding to a shopping cart and checking out, filling multiple forms while applying for a loan, or booking an airline reservation. Until now, users would have to manually test each of these areas of the application. With State Inducer, IBM Rational AppScan can learn these sequences, ensuring they are accurately assessed for security issues, further automating, saving time and simplifying the testing process.

To further educate users on how to build more secure applications, IBM Rational AppScan includes additional advancements. First, the product adds recorded web-based training (WBT) advisories that incorporate the industry’s first application security training directly into the solution. WBT is an ideal way to educate non-security professionals on application security fundamentals and product best practices. With the rapid emergence of new compliance legislation, IBM Rational AppScan helps organizations comply with dozens of industry standards and has been updated to include a leading 44 out-of-the-box compliance reports, including the Family Educational Rights and Privacy Act (FERPA) and payment application best practices (PABP) as suggested by the credit card industry.

“With IBM Rational AppScan, Standard Chartered Bank is educating its developers and IT staff on the importance of web application security incorporated throughout the development lifecycle,” said John Meakin, group head of information security, Standard Chartered Bank. “IBM Rational AppScan lets us establish best practice in our coding and testing processes, thereby ensuring the security and compliance of our web applications. This is reducing costs, enhancing the security of our products, and improving our security testing productivity.”

Businesses today have hundreds of critical applications that need to be tested in a timely manner. Integrating security with quality management testing tools simplifies security testing and remediation throughout the software lifecycle. IBM has also introduced new enhancements to its IBM Rational software delivery portfolio to make it even easier for customers to deliver higher quality, scalable applications.

For example, telecommunications companies can now take advantage of IBM Rational Performance Tester’s support for VoIP systems, internet telephony and instant messaging via SIP (session initiation protocol) – a key standard in the telecommunications industry.

Best-of-breed security and quality testing solutions integrated from one vendor enable IBM customers to more effectively build security into their application delivery process.

“Traditionally, Web application security testing has been owned by security experts, but that is out of synch with the requirements of processes within companies today,” said Dr. Danny Sabbah, general manager, IBM Rational Software. “The addition of IBM Rational AppScan will help users save time and money by integrating web application testing further into the software lifecycle process.”

Pricing and Availability:
IBM Rational AppScan is available on November 19, with pricing starting at US $14,400. Customers in Japan can also download a new Japanese-language version of IBM Rational AppScan.

For more information, visit http://www.ibm.com/software/rational/ or, to download an evaluation copy of IBM Rational AppScan, please visit https://www.watchfire.com/securearea/appscan.aspx.

Further information for the press:
Christine Paulus
IBM Deutschland
Media Relation Software Group
Tel: 089 4504 1396
Ho: 089 260 255 33
E-Mail: christine.paulus@de.ibm.com