In the popular office parody “Office Space,” there’s an ongoing joke about a recent memorandum that requires employees to attach cover sheets to their testing procedure specification (TPS) reports when they submit them to management. When fictional corporate executive Bill Lumbergh confronts employee Peter Gibbons at his cubicle to discuss the TPS cover sheet requirement, Lumbergh famously tells Peter, “I’ll go ahead and make sure you get another copy of that memo, OK?”
How does that classic comedy film relate to IBM’s application security testing solutions? Well, we’ve been so busy rolling out new capabilities that we haven’t had the opportunity to provide you with a recap of our exciting enhancements in a single, convenient location.
Below is a roundup of our top new application security testing capabilities, in case you inadvertently missed one of our memos.
IBM Application Security on Cloud: Empowering Open-Source Testing
According to a Forrester Research report, open source software code currently comprises 80 percent of an average application’s overall code. IBM Application Security Open Source Analyzer offers control and visibility over rapidly expanding open source risks and helps to identify vulnerable open source components in your organization’s software code, as detailed in our recent infographic.
Intelligent Finding Analytics: Simplifying Static Application Security Testing (SAST)
Our clients consistently tell us how challenging it is for them to keep up with the volume of noisy false positive findings in their static application security testing (SAST) programs. Our Intelligent Finding Analytics (IFA) cognitive learning capability enables organizations to achieve SAST false positive removal rates of 98 percent or more without sacrificing security testing quality.
These IFA capabilities often alleviate the need to send findings to security experts before they’re sent to your developers. Our clients also use solutions such as IBM Application Security on Cloud and IBM Security AppScan Source to reduce false positives, lower costs and minimize risk exposure.
Intelligent Code Analytics: Extending SAST Language Coverage
Intelligent Code Analytics (ICA) takes your SAST initiatives even further by leveraging cognitive computing to extend language coverage. This is critically important because coding languages are evolving rapidly, with new frameworks appearing on a routine basis.
Every time ICA encounters a new application programming interface (API), it immediately determines whether that API might contain a vulnerability and creates a rule. Then, the solution’s analysis engine makes a final determination on whether or not the application’s data flow contains a true vulnerability. Our entertaining and informative video provides a quick overview of our IFA and ICA capabilities.
Test Drive Application Security on Cloud
To test drive our new ICA, IFA and open source application security testing capabilities now, register for our free trial.