IBM's AppScan tool adds Adobe Flash, SOA scanning

AppScan 7.8 can now scan Flash files for security vulnerabilities

IBM Rational announced Wednesday an upgraded version of its AppScan vulnerability assessment tool, adding a way to unearth security weaknesses in Adobe Flash-based applications as well as services-oriented architecture components.

"We worked with Adobe on this so that people can look during the coding phase to find vulnerabilities such as Flash cross-site scripting," says David Grant, director of security and compliance solutions at IBM Rational.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

AppScan works by finding and scanning the Flash files in a Web site application. The tool then can determine where security issues exist and make recommendations on how to correct the code.

The multimedia power of Flash has led to its pervasive use across the Web, with an estimated 98 percent of computers connected to the Internet using the Adobe Flash Player and 80 percent of Web video delivered worldwide using Flash, IBM says.

There have been attacks that exploit Flash vulnerabilities, particularly in marketing banners, as well as phishing attacks, Grant points out. But the broader issue is the need for code review so that vulnerabilities can be detected and fixed before production.

AppScan 7.8 also adds a way to test customer Web services for business-logic vulnerabilities, Grant says. "For Web Services and SOA-based applications, it's better to catch these things early."

AppScan 7.8 starts at $17,550.

Network World is an InfoWorld affiliate.

This story, "IBM's AppScan tool adds Adobe Flash, SOA scanning" was originally published by Network World.