AppScan Tester Edition

Moving Web Application Security Testing Into QA: A Phased Approach

Web application security is maturing from an independent function performed by specialized security personnel to one that is becoming integrated into current QA processes. Due to the dynamic and often complex nature of modern websites and applications, this shift in security testing responsibility should be adopted slowly and in a phased approach.

Phase I

  • Small security audit teams focused on web application testing
  • Push issues to development for remediation
  • Typically less than 10% of all web applications are being tested for vulnerabilities

Phase II

  • Web application security issues now being tracked in a defect tracking tool alongside quality and performance issues
  • Security audit teams are still responsible for testing, but QA now sees the defects and is introduced to web application security to ensure defects are corrected
  • A lack of formal process for web application security resulting in testing typically covering less than 20% of applications

Phase III

  • Quality Assurance teams are fully immersed in web application security testing and triage -- security testing teams can focus on policy setting, performing ad hoc pen tests, compliance reporting, etc.
  • The full value of web application security testing is realized and web application security testing is approaching 100%.

AppScan Tester Edition

Regardless of your current security testing maturity phase, Everything Computes has an offering to help you integrate security testing into the QA process.

AppScan Tester Edition: includes the QA Defect Logger enabling your security testing teams to continue to configure and run scans within the web application security scanner knowing that findings are quickly and easily logged to your defect tracking tool of choice. The AppScan Tester Edition Defect Logger is integrated with the following solutions:

  • IBM® Rational® ClearQuest
  • Microsoft Visual Studio Team System
  • Mercury Quality Center

With the AppScan QA Defect Logger, security testing teams are no longer reporting issues on an ad hoc basis (such as by phone or by email) to the development organization.

AppScan Enterprise Edition for IBM Rational ClearQuest: provides enterprise visibility into web application security testing. With the integration to IBM Rational ClearQuest, visibility is increased as QA metrics can expand to report on web application security defects alongside existing types of defects.

AppScan Tester Edition for HP (formerly Mercury) Quality Center: seamlessly integrates web application security testing into the QA environment. Security tests are added to existing test plans without the need for QA personnel to use or learn new security testing tools, effectively expanding test coverage beyond functional and performance testing without leaving their existing QA environment.


AppScan QA

Benefits

  • Provides QA teams a single console and environment for managing security and quality tests of web applications
  • Delivers real-time training on secure testing and coding techniques
  • Automates security testing and execution as part of the normal QA run
