2. IBM Software Group | Rational software
Rational Security: Operationalizing Security Testing
Customers are addressing Web Application Security in three ways:
Enable Security Specialists: AppScan Standard, AppScan Enterprise
Embed Security into Development: AppScan Developer / Build, AppScan Tester
Outsource Security Testing: AppScan OnDemand, AppScan Security Consulting
Control, Monitor, Collaborate & Report Web Application Security Testing: AppScan Reporting Console
3. IBM Software Group | Rational software
Security Testing Within the Software Lifecycle
[Figure: SDLC phases Coding, Build, QA, Security, Production; labels: Developers, Application Security Testing Maturity]
4. IBM Software Group | Rational software
Introducing:
Rational AppScan Tester Ed for Quality Manager
bringing security testing to QA teams
Allows QA teams to manage Security Testing just like they manage Quality and Performance testing
Allows the organization to scale security testing in-line within the existing development process
Seamless integration with Rational Quality Manager (RQM) for automated test lab management
Enables the efficient & successful adoption of security testing by non-security experts
5. IBM Software Group | Rational software
IBM Rational AppScan Offerings
AppScan Enterprise / Reporting Console
AppScan Developer Ed (desktop); AppScan Ent. QuickScan (web client); AppScan Build Ed (scanning agent); AppScan Tester Ed (scanning agent, QA clients); AppScan Enterprise user (web client); AppScan Standard Ed (desktop); AppScan Express (desktop)
Rational Application Developer; Rational Software Analyzer; Rational ClearCase; Rational BuildForge; Rational Quality Manager
Rational ClearQuest / Defect Management
CODE: Build security testing into the IDE*
BUILD: Automate Security / Compliance testing in the Build Process
QA: Security / compliance testing incorporated into testing & remediation workflows
SECURITY: Security & Compliance Testing, oversight, control, policy, audits
IBM Rational Web Based Training for AppScan
6. IBM Software Group | Rational software
IBM Rational AppScan Ecosystem
AppScan Enterprise / Reporting Console
AppScan Developer Ed (desktop); AppScan Ent. QuickScan (web client); AppScan Build Ed (scanning agent); AppScan Tester Ed (scanning agent, QA clients); AppScan Enterprise user (web client); AppScan Standard Ed (desktop); AppScan Express (desktop)
Rational Application Developer; Rational Software Analyzer; Rational ClearCase; Rational Build Forge; Rational Quality Manager
Rational ClearQuest / Issue Management
CODE: Build security testing into the IDE*
BUILD: Automate Security / Compliance testing in the Build Process
QA: Security / compliance testing incorporated into testing & remediation workflows
SECURITY: Security & Compliance Testing, oversight, control, policy, audits
IBM Rational Web Based Training for AppScan
7. IBM Software Group | Rational software
Centralized test management hub allowing full lifecycle support across all types of testing and platforms
IBM Collaborative Application Lifecycle Management
Rational Quality Manager
Quality Dashboard
Requirements Management; Test Management and Execution; Defect Management
Create Plan; Build Tests; Manage Test Lab; Report Results
Open Platform
Best Practice Processes
JAZZ TEAM SERVER
Open Lifecycle Service Integrations
Functional Testing; Performance Testing; Web Service Quality; Code Quality; Security and Compliance
SAP; System z, i; Java; .NET
homegrown
9. IBM Software Group | Rational software
Rational AppScan Tester Edition
Integrates security into quality assurance testing:
Defines standard security templates and test policies
Quality assurance personnel can author and execute security scans as part of their normal quality assurance testing runs
Security scan results are available in Rational Quality Manager dashboards and reports
Security issues can be tracked in Rational Quality Manager, as defects
10. IBM Software Group | Rational software
In this demo:
Create a web application security scan
Run the security scan
Analyze the results
Report a defect
The impact on the dashboard