IBM's Rational AppScan 7.7 (Watchfire is now an IBM company) is a standalone web application assessment product that is part of IBM's Rational software group. Like other standalone products, it is not an enterprise product in itself, but has a related group of Rational AppScan enterprise reporting and management products with which it can integrate. We found the branding of the product has yet to be finalized, since the official brand is IBM Rational AppScan, but Watchfire's site still lists the product as Watchfire AppScan.
Installation of AppScan is easy, as the product works with Windows 2000/XP/Vista/2003 and does not require a database backend. Licensing is automated and painless as well.
AppScan's interface allows for productive management and configuration of scans, results and reporting. As expected with a mature product, the interface is both easy to use for its intended audience, as well as flexible enough to allow for robust customization.
From a performance perspective, AppScan delivers a powerful scanning engine that exceeded expectations in our testing. The product can discover a wide range of vulnerabilities and supports a growing range of architectures, including support for Web 2.0, Flash, JavaScript, AJAX and more. AppScan has a wide array of options, including replay macros, a mechanism to easily report false positives and a simple but useful dashboard view of remediation tasks. Compliance mapping and reporting features in the product are excellent.
We felt that AppScan's documentation is outstanding. Included in the remediation sections are several web-based training (WBT) modules. WBTs are automated slide shows with narrative voiceover to help the user understand the vulnerability in greater detail. While aimed at less experienced security professionals, the WBT's add some nice value to the product.
Pricing for IBM Rational AppScan Standard Edition 7.7 starts at $17,500 and is based on term licenses. Standard support is included with the product. Forum and user community support information on the product was challenging to find via the IBM Rational support site.
Installation of AppScan is easy, as the product works with Windows 2000/XP/Vista/2003 and does not require a database backend. Licensing is automated and painless as well.
AppScan's interface allows for productive management and configuration of scans, results and reporting. As expected with a mature product, the interface is both easy to use for its intended audience, as well as flexible enough to allow for robust customization.
From a performance perspective, AppScan delivers a powerful scanning engine that exceeded expectations in our testing. The product can discover a wide range of vulnerabilities and supports a growing range of architectures, including support for Web 2.0, Flash, JavaScript, AJAX and more. AppScan has a wide array of options, including replay macros, a mechanism to easily report false positives and a simple but useful dashboard view of remediation tasks. Compliance mapping and reporting features in the product are excellent.
We felt that AppScan's documentation is outstanding. Included in the remediation sections are several web-based training (WBT) modules. WBTs are automated slide shows with narrative voiceover to help the user understand the vulnerability in greater detail. While aimed at less experienced security professionals, the WBT's add some nice value to the product.
Pricing for IBM Rational AppScan Standard Edition 7.7 starts at $17,500 and is based on term licenses. Standard support is included with the product. Forum and user community support information on the product was challenging to find via the IBM Rational support site.
