IBM Security AppScan Standard V8.6 is a industry-leading desktop solution that is designed for security teams to perform Dynamic Application Security Testing (DAST) of web applications and web services for all relevant Web Application Security Consortium Threat Classification version 2 (WASC TCv2) threat classes, such as SQL-Injection, Cross-Site Scripting, and Buffer Overflows.

With IBM Security AppScan Standard, you can:

• Scan complex web applications including those that utilize Adobe™ Flash, JavaScript, AJAX, and SOAP web services
• Leverage Interactive Application Security Testing (IAST) or glass box testing to expand web application coverage and provide the line of code matching the proof of exploit with the precise code
• Discover malware and undesirable links embedded in websites with fully integrated malware testing
• Apply static taint analysis with JavaScript Security Analyzer to identify client-side security issues, such as Document Object Model (DOM)-based cross site scripting, Code Injection, Open Redirect, Cross-Site Request Forgery (CSRF) Bypass, Dual Session, Port Manipulation, and Protocol Manipulation
• Simplify remediation by identifying vulnerabilities and generating detailed results through comprehensive scanning coverage
• Address regulatory requirements such as Payment Card Industry (PCI), Gramm-Leach-Bliley Act (GLBA), and Health Insurance Portability and Accountability Act (HIPAA) using more than 40 available compliance reports
• Address key compliance standards such as PCI Data Security Standard

IBM® Security AppScan® Standard V8.6 delivers:

• Next generation Dynamic Application Security Testing (DAST) scanning engine re-architected to use a single technology platform (.NET) that fits all DAST products. The JavaScript Security Analyzer (JSA) extension is built into the DAST scanning engine.
• New Cross-Site Scripting (XSS) detection module, XSS Analyzer, with a "learning system" that tailors a unique, custom XSS payload, from a knowledge base of millions of potential payloads, and speeds scan results.
• Redesigned Security Reporting, in an easy-to-read format including more actionable results.
• Application Data view that is now the default view during the Explore stage. It is updated live as IBM Security AppScan explores the site, and data in all three panes can be clicked on and viewed.
• New Result list toolbar and new Pages view that provides a list of web components as well as links pointing to and from the page. You get a more efficient assignment of parameters.
• Glass box agent that now adjusts IBM Security AppScan's Environmental Definition configuration automatically.
• The scan log that is now saved as part of the scan. When a saved scan is loaded, the existing scan log loads and data is added to it as scanning continues.
• Two utilities, Traffic Viewer and a Fiddler add-on, that are now included in IBM Security AppScan for support purposes.