Application source code security assessment

• Assists in reducing risk, cost and complexity by identifying security weaknesses earlier in the development life cycle
• Helps optimize resources by prioritizing the most critical vulnerabilities for remediation
• Delivers audit-ready reports to help drive regulatory compliance for application security
• Increases application productivity and helps decrease downtime
• Provides a more complete and accurate application security assessment when combined with an IBM dynamic application security assessment
• Eliminates the need to maintain expensive application security resources on staff

Today a strong majority of cyber attacks (at least 75 percent) target the application layer where customer information, credit card numbers and other valuable data resides¹. As organizations face growing threats to their custom applications-especially Web applications-they are seeking proactive solutions to address source code weaknesses. However, most organizations do not have the in-house resources needed to conduct an effective assessment or properly begin remediation.

IBM application source code security assessment service is designed to identify vulnerabilities in applications early in the software development lifecycle to help reduce risk and cost of remediation. The service can also help meet compliance requirements for application security testing. Built on a "testing-as-a-service" model, IBM leverages its market-leading Rational® AppScan® Source Edition software without requiring customers to acquire or maintain any software.

IBM is a market leader in application security and offers hands-on expertise to interpret test results, validate findings and prioritize vulnerabilities for remediation. When coupled with an IBM dynamic application security assessment, this service provides a comprehensive picture of application security posture.

¹ X-Force 2009 Mid-Year Report

• IBM Application Security Software