AppScan performs automated tests on applications to determine if they are vulnerable to both known and unknown security vulnerabilities, said Diane Fraiman, vice-president of marketing at Sanctum.
AppScan follows what the company calls a "positive security model": it tests applications to confirm that they do only what they are intended to do, rather than trying to enumerate and block every unintended action, she said. The program is designed to be used as part of the application development process so that vulnerabilities can be caught before the software is deployed, she added.
The latest version of AppScan gives developers and auditors a new set of tools to ferret out those security risks. The program's performance has been boosted and its scanning options broadened.
Application scans can now be performed collaboratively, with different tasks assigned to different testers, even those located at separate sites.
Scans are also now savable, so that they can be rerun to verify results and test updates and modifications to determine whether vulnerabilities have been eliminated.
AppScan 3.0 also sports a number of user interface enhancements in both the scanning and reporting sections of the program. Version 3.0 now runs on Windows 2000 as well as Linux, and with the broader platform support the software has inherited some of the usability conventions of the Windows interface. Also added is contextual help, designed to aid the beginning or non-expert user.
Reporting has been bolstered in the new version with new ways of viewing and presenting reports, as well as by offering more detailed information. Reports generated by AppScan 3.0 offer new data filters, new ways to sort the data, deeper detail, new highlights, fonts and more.
AppScan 3.0 also improves accuracy over previous versions, with Sanctum claiming a false-positive rate below 1%, and adds tests that target HTTP headers and requests, Fraiman said.
AppScan 3.0 will be available early May in the US and Europe and by late summer in Japan. The product is sold on a subscription basis, with maintenance updates released about once a month and more major updates offered every eight to 10 weeks.
End-user licences cost $15,000 (£10,298) per year for one user and licences for auditors are priced depending on tasks and sold in 30-day packages.