
In the workplace comedy film "Office Space," there's a running joke about a recent memorandum requiring employees to attach cover sheets to their testing procedure specification (TPS) reports when they submit them to management. When fictional corporate executive Bill Lumbergh confronts employee Peter Gibbons at his cubicle about the TPS cover sheet requirement, Lumbergh famously tells Peter, "I'll go ahead and make sure you get another copy of that memo, OK?"

How does that classic comedy film relate to IBM’s application security testing solutions? Well, we’ve been so busy rolling out new capabilities that we haven’t had the opportunity to provide you with a recap of our exciting enhancements in a single, convenient location.

Below is a roundup of our top new application security testing capabilities, in case you inadvertently missed one of our memos.

IBM Application Security on Cloud: Empowering Open-Source Testing

According to a Forrester Research report, open source code now makes up 80 percent of the average application's code base. IBM Application Security Open Source Analyzer provides control and visibility over this rapidly expanding open source risk and helps identify vulnerable open source components in your organization's software, as detailed in our recent infographic.

Intelligent Finding Analytics: Simplifying Static Application Security Testing (SAST)

Our clients consistently tell us how hard it is to keep up with the volume of noisy false positive findings produced by their static application security testing (SAST) programs. Our Intelligent Finding Analytics (IFA) cognitive learning capability enables organizations to achieve SAST false positive removal rates of 98 percent or more without sacrificing the quality of security testing.

IFA often removes the need to route findings through security experts before they reach your developers. Our clients also use solutions such as IBM Application Security on Cloud and IBM Security AppScan Source to reduce false positives, lower costs and minimize risk exposure.

Intelligent Code Analytics: Extending SAST Language Coverage

Intelligent Code Analytics (ICA) takes your SAST initiatives further by using cognitive computing to extend language and framework coverage. This matters because programming languages evolve rapidly, and new frameworks appear on a routine basis, so a rule set that only covers known APIs quickly falls behind.

Every time ICA encounters an application programming interface (API) it has not seen before, it immediately determines whether calls to that API could introduce a vulnerability and generates a rule for it. The solution's analysis engine then makes the final determination of whether the application's data flow actually constitutes a true vulnerability. Our video provides a quick overview of the IFA and ICA capabilities.
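To make the two-stage process described above concrete, here is a small illustration of how a taint-based SAST engine combines API rules with data-flow analysis. It is an example added for this article, not IBM's code and not how ICA is implemented: the name-based `classify_unknown` heuristic stands in for ICA's cognitive classification, and the rule table, the API names (including the fictitious `Acme.LegacyDao.runRawQuery`) and the toy program are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Toy three-address IR: every statement is an API call whose result,
# if any, is stored in `dest`. Arguments are variable names (or literals).
@dataclass
class Call:
    dest: Optional[str]
    api: str
    args: List[str]

# Rules a SAST engine ships with for APIs it already knows (constructed).
KNOWN_RULES: Dict[str, str] = {
    "HttpServletRequest.getParameter": "source",   # untrusted input enters here
    "Statement.executeQuery": "sink",              # tainted data here is SQL injection
    "ESAPI.encodeForSQL": "sanitizer",             # output is considered clean
}

# Hypothetical name heuristics standing in for a learned classifier.
SANITIZER_HINTS = ("escape", "encode", "sanitize")
SINK_HINTS = ("query", "exec", "eval", "command")
SOURCE_HINTS = ("read", "input", "param", "header")


def classify_unknown(api: str) -> str:
    """Assign a rule to an API the engine has never seen (stand-in for ICA's step)."""
    name = api.rsplit(".", 1)[-1].lower()
    if any(h in name for h in SANITIZER_HINTS):
        return "sanitizer"
    if any(h in name for h in SINK_HINTS):
        return "sink"
    if any(h in name for h in SOURCE_HINTS):
        return "source"
    return "neutral"  # taint simply flows through


def analyze(program: List[Call],
            rules: Optional[Dict[str, str]] = None
            ) -> Tuple[List[Tuple[int, str, List[str]]], Dict[str, str]]:
    """Forward taint propagation over a straight-line program.

    Returns (findings, new_rules): findings are (statement index, sink API,
    tainted arguments); new_rules are the rules synthesized for unknown APIs.
    The data-flow pass, not the rule alone, decides whether a sink is reachable
    by tainted data, which is what keeps a guessed "sink" rule from firing on
    every call.
    """
    rules = dict(KNOWN_RULES if rules is None else rules)
    new_rules: Dict[str, str] = {}
    tainted: set = set()
    findings: List[Tuple[int, str, List[str]]] = []

    for i, stmt in enumerate(program):
        if stmt.api not in rules:                      # stage 1: unknown API gets a rule
            rules[stmt.api] = new_rules[stmt.api] = classify_unknown(stmt.api)
        role = rules[stmt.api]
        tainted_args = [a for a in stmt.args if a in tainted]

        if role == "source":                           # stage 2: data-flow analysis
            tainted.add(stmt.dest)
        elif role == "sanitizer":
            tainted.discard(stmt.dest)
        else:
            if role == "sink" and tainted_args:
                findings.append((i, stmt.api, tainted_args))
            if stmt.dest is not None:                  # taint flows through the result
                if tainted_args:
                    tainted.add(stmt.dest)
                else:
                    tainted.discard(stmt.dest)
    return findings, new_rules


# Constructed sample: one sanitized path and one unsanitized path into an
# API the rule table does not know about.
PROGRAM = [
    Call("name", "HttpServletRequest.getParameter", ["req", '"name"']),
    Call("clean", "ESAPI.encodeForSQL", ["name"]),
    Call("q1", "StringBuilder.append", ["prefix", "clean"]),
    Call(None, "Statement.executeQuery", ["stmt", "q1"]),         # clean: no finding
    Call("q2", "StringBuilder.append", ["prefix", "name"]),
    Call(None, "Acme.LegacyDao.runRawQuery", ["dao", "q2"]),      # unknown API, tainted arg
]

if __name__ == "__main__":
    found, synthesized = analyze(PROGRAM)
    print("synthesized rules:", synthesized)
    for idx, api, args in found:
        print(f"statement {idx}: tainted {args} reaches sink {api}")
```

Running it reports a single finding at the call to the unknown `runRawQuery` API, while the `executeQuery` call fed through the sanitizer stays silent. That is the division of labor the paragraph describes: the rule for a never-seen API is only a hypothesis, and the data-flow engine is what confirms or rejects it.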

Test Drive Application Security on Cloud

To test drive the new ICA, IFA and open source application security testing capabilities now, register for our free trial.
