With the release of an updated version of IBM Rational AppScan, IBM is making it easier to identify security vulnerabilities by providing a single view of dynamic and static testing results.
At the same time, IBM is trying to make it easier to identify potential issues, such as SQL Injection attacks, with the addition of a new string analysis capability that helps identify vulnerable inputs in Web applications.
According to IBM security expert Jack Danahy, this latest offering is part of IBM’s ongoing effort to get developers to treat security issues like any other flaw in their application. The expectation, said Danahy, is that by taking this approach the application will not only be more secure, but customers will also save hundreds of thousands of dollars that are currently spent remediating applications after they are in production.
According to IBM's 2010 mid-year X-Force report, 55 percent of all vulnerabilities come from Web applications, with more than 4,000 new vulnerabilities being documented compared to last year.
Unless developers are able to take advantage of security vulnerability assessment tools during the development process that help identify and remediate issues, Danahy says IT organizations will have no hope of deploying secure applications in a world where every potential exploit is now quickly discovered.