In the popular office parody “Office Space,” there’s an ongoing joke about a recent memorandum that requires employees to attach cover sheets to their testing procedure specification (TPS) reports when they submit them to management. When fictional corporate executive Bill Lumbergh confronts employee Peter Gibbons at his cubicle to discuss the TPS cover sheet requirement, Lumbergh famously tells Peter, “I’ll go ahead and make sure you get another copy of that memo, OK?”

How does that classic comedy film relate to IBM’s application security testing solutions? Well, we’ve been so busy rolling out new capabilities that we haven’t had the opportunity to provide you with a recap of our exciting enhancements in a single, convenient location.

Below is a roundup of our top new application security testing capabilities, in case you inadvertently missed one of our memos.

IBM Application Security on Cloud: Empowering Open-Source Testing

According to a Forrester Research report, open source software code currently comprises 80 percent of an average application’s overall code. IBM Application Security Open Source Analyzer offers control and visibility over rapidly expanding open source risks and helps to identify vulnerable open source components in your organization’s software code, as detailed in our recent infographic.

Intelligent Finding Analytics: Simplifying Static Application Security Testing (SAST)

Our clients consistently tell us how challenging it is for them to keep up with the volume of noisy false positive findings in their static application security testing (SAST) programs. Our Intelligent Finding Analytics (IFA) cognitive learning capability enables organizations to achieve SAST false positive removal rates of 98 percent or more without sacrificing security testing quality.

These IFA capabilities often alleviate the need to send findings to security experts before they’re sent to your developers. Our clients also use solutions such as IBM Application Security on Cloud and IBM Security AppScan Source to reduce false positives, lower costs and minimize risk exposure.

Intelligent Code Analytics: Extending SAST Language Coverage

Intelligent Code Analytics (ICA) takes your SAST initiatives even further by leveraging cognitive computing to extend language coverage. This is critically important because coding languages are evolving rapidly, with new frameworks appearing on a routine basis.

Every time ICA encounters a new application program interface (API), it immediately determines whether it might contain a vulnerability and creates a rule. Then, the solution’s analysis engine makes a final determination on whether or not the application’s data flow contains a true vulnerability. Our entertaining and informative video provides a quick overview of our IFA and ICA capabilities.

Test Drive Application Security on Cloud

To test drive our new ICA, IFA and open source application security testing capabilities now, register for our free trial.
