In the popular office parody “Office Space,” there’s an ongoing joke about a recent memorandum that requires employees to attach cover sheets to their testing procedure specification (TPS) reports when they submit them to management. When fictional corporate executive Bill Lumbergh confronts employee Peter Gibbons at his cubicle to discuss the TPS cover sheet requirement, Lumbergh famously tells Peter, “I’ll go ahead and make sure you get another copy of that memo, OK?”

How does that classic comedy film relate to IBM’s application security testing solutions? Well, we’ve been so busy rolling out new capabilities that we haven’t had the opportunity to provide you with a recap of our exciting enhancements in a single, convenient location.

Below is a roundup of our top new application security testing capabilities, in case you inadvertently missed one of our memos.

IBM Application Security on Cloud: Empowering Open-Source Testing

According to a Forrester Research report, open source software code currently comprises 80 percent of an average application’s overall code. IBM Application Security Open Source Analyzer offers control and visibility over rapidly expanding open source risks and helps to identify vulnerable open source components in your organization’s software code, as detailed in our recent infographic.

Intelligent Finding Analytics: Simplifying Static Application Security Testing (SAST)

Our clients consistently tell us how challenging it is for them to keep up with the volume of noisy false positive findings in their static application security testing (SAST) programs. Our Intelligent Finding Analytics (IFA) cognitive learning capability enables organizations to achieve SAST false positive removal rates of 98 percent or more without sacrificing security testing quality.

These IFA capabilities often alleviate the need to send findings to security experts before they’re sent to your developers. Our clients also use solutions such as IBM Application Security on Cloud and IBM Security AppScan Source to reduce false positives, lower costs and minimize risk exposure.

Intelligent Code Analytics: Extending SAST Language Coverage

Intelligent Code Analytics (ICA) takes your SAST initiatives even further by leveraging cognitive computing to extend language coverage. This is critically important because coding languages are evolving rapidly, with new frameworks appearing on a routine basis.

Every time ICA encounters a new application program interface (API), it immediately determines whether it might contain a vulnerability and creates a rule. Then, the solution’s analysis engine makes a final determination on whether or not the application’s data flow contains a true vulnerability. Our entertaining and informative video provides a quick overview of our IFA and ICA capabilities.

Test Drive Application Security on Cloud

To test drive our new ICA, IFA and open source application security testing capabilities now, register for our free trial.
