
In the popular office parody “Office Space,” there’s an ongoing joke about a recent memorandum that requires employees to attach cover sheets to their testing procedure specification (TPS) reports when they submit them to management. When fictional corporate executive Bill Lumbergh confronts employee Peter Gibbons at his cubicle to discuss the TPS cover sheet requirement, Lumbergh famously tells Peter, “I’ll go ahead and make sure you get another copy of that memo, OK?”

How does that classic comedy film relate to IBM’s application security testing solutions? Well, we’ve been so busy rolling out new capabilities that we haven’t had the opportunity to provide you with a recap of our exciting enhancements in a single, convenient location.

Below is a roundup of our top new application security testing capabilities, in case you inadvertently missed one of our memos.

IBM Application Security on Cloud: Empowering Open-Source Testing

According to a Forrester Research report, open source software code currently comprises 80 percent of an average application’s overall code. IBM Application Security Open Source Analyzer offers control and visibility over rapidly expanding open source risks and helps to identify vulnerable open source components in your organization’s software code, as detailed in our recent infographic.

Intelligent Finding Analytics: Simplifying Static Application Security Testing (SAST)

Our clients consistently tell us how challenging it is for them to keep up with the volume of noisy false positive findings in their static application security testing (SAST) programs. Our Intelligent Finding Analytics (IFA) cognitive learning capability enables organizations to achieve SAST false positive removal rates of 98 percent or more without sacrificing security testing quality.

These IFA capabilities often alleviate the need to send findings to security experts before they’re sent to your developers. Our clients also use solutions such as IBM Application Security on Cloud and IBM Security AppScan Source to reduce false positives, lower costs and minimize risk exposure.

Intelligent Code Analytics: Extending SAST Language Coverage

Intelligent Code Analytics (ICA) takes your SAST initiatives even further by leveraging cognitive computing to extend language coverage. This is critically important because coding languages are evolving rapidly, with new frameworks appearing on a routine basis.

Every time ICA encounters a new application program interface (API), it immediately determines whether it might contain a vulnerability and creates a rule. Then, the solution’s analysis engine makes a final determination on whether or not the application’s data flow contains a true vulnerability. Our entertaining and informative video provides a quick overview of our IFA and ICA capabilities.

Test Drive Application Security on Cloud

To test drive our new ICA, IFA and open source application security testing capabilities now, register for our free trial.
