IBM Rational AppScan Developer Edition v7.7 Open Beta 2


There has been a lot of buzz around our latest earth-shattering beta release of IBM Rational AppScan Developer Edition v7.7, and I’m happy to now talk a bit more about it!  After Beta 1 (in December 2007), I led our development team into the creation of a security analysis tool that goes beyond the typical black-box testing (aka Dynamic Analysis in our product documentation) of a website.

As the AppScan DE Architect, it quickly became known within the team that we needed to start creating technology that gives developers a stronger “confidence level” in the security issues reported to them.  We all know a developer’s job is tedious, and knowing which issues are the most critical to fix is very important because in reality, even if a tool reports 100 issues, only the top 10 may get fixed at development time - so it’s imperative that we as tool creators let the developer know which are the 10 most critical issues to fix.

So we set out to do some innovation of our own!  We started exploring the idea of integrating other forms of analysis with dynamic analysis, specifically static and runtime analysis, to help us get that confidence level we wanted.  Starting shortly after the new year, we spent four months building on this idea.

Last night, really late last night actually, we released a refresh to our official Beta 2 release (which went out on May 31, 2008, just before the IBM Rational Software Development Conference - RSDC 2008).  In addition to delivering 100 bug fixes, we released two versions of our product.  Yes, you heard me, two versions - which is what the market has been asking for, believe it or not.

Our Beta 1 was released as an extension on top of the RAD 7.5 Open Beta; however, the uptake on that release wasn’t what we wanted.  In the new year I repeatedly asked management “What are customers saying? How many downloads do we have? Any feedback?” - in the true sense of Agile development I suppose I was just doing my job :)  The answer back was “urgghh”.  I quickly figured out that we needed something light-weight and quick and dirty for users to use, so I proposed the plain Eclipse solution.  Eclipse has an integrated update mechanism known as the Classic Update Manager, and naturally integrating the delivery of our software through that mechanism was the path we needed to take.  Hence, our Beta 2 release now includes two installation routes; you can use whichever you prefer:

So enough yammering from me, here are some product highlights for our new functionality in Beta 2:

Product Information

  • Integrated dynamic, runtime, and static analysis: In one scan, you can conduct all three types of analysis -
    • Static analysis: Also known as white-box analysis, this type of analysis checks Java source code for security vulnerabilities without running the application.
    • Dynamic analysis: With dynamic analysis (also known as black-box analysis), you step through the running application from a hacker’s perspective, tampering with inputs to uncover security holes.
    • Runtime analysis: When you create a scan that includes dynamic analysis testing, you can set the scan to track the flow of execution inside the application for any security issues that are found, linking a dynamic finding back to the code that handled the request.
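To make the “confidence level” idea concrete, here is an added example (not AppScan DE code, and not the product’s actual ranking algorithm) of the triage step the three analysis types enable: a finding that a static scanner reports at a code location, that a dynamic probe confirms at a URL and parameter, and that a runtime trace ties together is ranked above a finding seen by only one analysis. The finding records, the constructed sample data, the field names and the three-level scoring are all assumptions made for illustration.

```python
"""Correlating static, dynamic and runtime findings into a confidence ranking.

Added, illustrative example: not code from AppScan DE. The record shapes,
the sample findings below and the scoring rules are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class StaticFinding:
    """A white-box result: an issue type at a source location."""
    issue: str
    file: str
    line: int


@dataclass(frozen=True)
class DynamicFinding:
    """A black-box result: an issue type provoked via a URL parameter."""
    issue: str
    url: str
    param: str


@dataclass
class RuntimeTrace:
    """Runtime analysis: (file, line) frames executed while handling a request."""
    url: str
    param: str
    frames: list


# Constructed sample data (assumed file names and locations, not real findings).
STATIC = [
    StaticFinding("SQL Injection", "LoginServlet.java", 42),
    StaticFinding("SQL Injection", "ReportDao.java", 88),      # static only
    StaticFinding("Path Traversal", "FileServlet.java", 17),   # static only
]
DYNAMIC = [
    DynamicFinding("SQL Injection", "/login", "user"),
    DynamicFinding("Reflected XSS", "/search", "q"),           # dynamic only
]
TRACES = [
    RuntimeTrace("/login", "user", [("LoginServlet.java", 42), ("UserDao.java", 10)]),
    RuntimeTrace("/search", "q", [("SearchServlet.java", 30)]),
]


def correlate(static, dynamic, traces):
    """Merge the three result sets into one list sorted by confidence (desc).

    Scoring (assumed): 3 = static finding whose location lies on the runtime
    trace of a confirming dynamic probe; 2 = dynamic only (exploitable, but no
    code location); 1 = static only (unconfirmed).
    """
    trace_by_request = {(t.url, t.param): t for t in traces}
    results = []
    confirmed_static = set()

    for d in dynamic:
        trace = trace_by_request.get((d.url, d.param))
        frames = set(trace.frames) if trace else set()
        # A static finding is corroborated when its issue type matches and its
        # source location was executed while the probe for this URL ran.
        hits = [s for s in static if s.issue == d.issue and (s.file, s.line) in frames]
        if hits:
            for s in hits:
                confirmed_static.add(s)
                results.append({"issue": d.issue,
                                "where": f"{s.file}:{s.line} via {d.url}?{d.param}",
                                "evidence": "static+dynamic+runtime", "confidence": 3})
        else:
            results.append({"issue": d.issue, "where": f"{d.url}?{d.param}",
                            "evidence": "dynamic", "confidence": 2})

    for s in static:
        if s not in confirmed_static:
            results.append({"issue": s.issue, "where": f"{s.file}:{s.line}",
                            "evidence": "static", "confidence": 1})

    results.sort(key=lambda r: (-r["confidence"], r["issue"], r["where"]))
    return results


def top(results, n):
    """The developer's fix list: the n highest-confidence findings."""
    return results[:n]


if __name__ == "__main__":
    for r in top(correlate(STATIC, DYNAMIC, TRACES), 10):
        print(f'[{r["confidence"]}] {r["issue"]:15} {r["where"]}  ({r["evidence"]})')
```

The runtime trace is what does the real work here: without it, a static SQL injection finding in LoginServlet.java and a dynamic SQL injection finding on /login are two separate reports that only share an issue name, and the developer still has to work out whether they are the same bug.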

Also, a shout-out to our team (Babita, Alexei, Jennifer, Jeff, and me) who made this beta possible; we all worked extremely hard!