IBM Rational AppScan 7.7
Strengths: Powerful scanning engine, robust set of options, excellent documentation
Weaknesses: True enterprise management requires the purchase of additional AppScan products
Verdict: A web application-assessment tool that delivers quality and value
IBM's Rational AppScan 7.7 (Watchfire is now an IBM company) is a stand-alone web application assessment product that is part of IBM's Rational software group. Like other stand-alone products, it is not an enterprise product in itself, but has a related group of Rational AppScan enterprise reporting and management products it can integrate with. We found the branding of the product has yet to be finalised, since the official brand is IBM Rational AppScan, but Watchfire's site still lists the product as Watchfire AppScan.
Installation is easy, as the product works with Windows 2000/XP/Vista/2003 and does not require a database backend. Licensing is automated and painless as well.
AppScan's interface allows for productive management and configuration of scans, results and reporting. As you would expect with a mature product, the interface is both easy to use for its intended audience as well as flexible enough to allow for robust customisation.
We felt that AppScan's documentation is outstanding. Included in the remediation sections are several web-based training modules. These consist of automated slide shows with narrative voiceover to help the user understand the vulnerability in greater detail. Although they may be aimed at less experienced security professionals, they add some nice value to the product.
Pricing for IBM Rational AppScan Standard Edition 7.7 starts at £12,018 for UK customers and is based on term licenses. Standard support is included with the product. Forum and user community support information on the product was challenging to find via the IBM Rational support site.