IBM's AppScan tool adds Adobe Flash, SOA scanning

IBM Rational Wednesday announced an upgraded version of its AppScan vulnerability assessment tool, adding a way to unearth security weaknesses in Adobe Flash-based applications as well as services-oriented architecture components.

View a slideshow that includes this product.

"We worked with Adobe on this so that people can look during the coding phase to find vulnerabilities such as Flash cross-site scripting," says David Grant, director of security and compliance solutions at IBM Rational.

AppScan works by finding and scanning the Flash files in a Web site application. The tool then can determine where security issues exist and make recommendations on how to correct the code.

The multimedia power of Flash has led to its pervasive use across the Web, with an estimated 98% of computers connected to the Internet using the Adobe Flash Player and 80% of Web video delivered worldwide using Flash, IBM says.

There have been attacks that exploit Flash vulnerabilities, particularly in marketing banners, as well as phishing attacks, Grant points out. But the broader issue is the need for code review so that vulnerabilities can be detected and fixed before production

AppScan 7.8 also adds a way to test customer Web services for business-logic vulnerabilities, Grant says. "For Web Services and SOA-based applications, it's better to catch these things early."

AppScan 7.8 starts at $17,550.