Skip to main content

Improving Your Web Application Software Development Life Cycle's Security Posture with IBM Rational AppScan


Note: This is publication is now archived. For reference only.


Published on 29 May 2009

  1. .PDF (1.2 MB)

Share this page:   

IBM Form #: REDP-4530-00

Authors: Axel Buecker, Frederik De Keukelaere and Danny Allan

    menu icon


    Hackers on the Internet have evolved from fame-hungry sabotage to fraud to profitable organized data and identity theft. As this evolution continues, it is important for business leaders to consider the security of their Web applications as a vital performance indicator of the success of their business.

    In this IBM® Redguide™ publication, we explain how your organization can evaluate its risk for hackers entering into your systems. We also explain how your organization can implement security testing and integrate solutions to improve security and protect your information assets.

    In the first part of this Redguide publication, we discuss how to evaluate the risk that your organization is exposed to. We explain why your organization is the target of attacks and who is behind them. We illustrate the impact that successful attacks can have on your organization. We show the latest trends and statistics in Web application vulnerabilities and the underground trade of stolen information. We give a technical overview of the areas where your application can be attacked and discuss the two most common Web application vulnerabilities.

    In the next part of this Redguide publication, we introduce the software development life cycle of Web applications and illustrate how security fits into this life cycle. We provide a step-by-step approach to integrating Web application security testing into your software development life cycle. We also show how and where you can use IBM Rational® products in your software development life cycle to improve the security of your organization based on your business needs.

    We conclude this guide with a business scenario in which an organization without any Web application security testing gradually transforms into an organization that delivers high quality secure products.

    Table of Contents

    Executive overview

    Uncovering the basics of IT attack patterns and their effect on your organization

    Pinpointing Web application weaknesses

    Protecting your Web applications from attacks

    Business scenario: A step-by-step approach to Web application security



    Others who read this also read