IBM is looking to mitigate some of the most common security threats at the coding level with the latest release of its AppScan platform, which leverages technology from IBM Research.
Specifically, AppScan version 8 uses string analysis, which aims to root out soft spots in applications that could leave them vulnerable to cross-site scripting (XSS) or SQL injection attacks, two of the most popular threat vectors among hackers and malware purveyors. eSecurity Planet takes a look at IBM’s new AppScan release.
Cross-site scripting (XSS) and SQL injection flaws are among the most common and lethal types of security vulnerabilities. Both sets of flaws often stem from the same root cause, which is typically some form of input validation issue. Ensuring that input validation is done correctly is no easy task, which is where the new IBM Rational AppScan 8 platform comes into play.
The new AppScan release includes technology from IBM Research for string analysis, which may help to mitigate or eliminate XSS and SQL injection issues at the coding level, before applications ever reach production.