July 1, 2019 marks a new beginning for AppScan. As part of a business deal valued at $1.8B, IBM divested a number of business lines to HCL, an India-based technology vendor. Among the divested businesses was AppScan, an application security testing suite for web applications, APIs and mobile apps.

AppScan was initially developed by Israeli software company Sanctum and first released in the early 2000s. Sanctum was a cybersecurity pioneer credited with several security innovations, including the first web application firewall (WAF) and the first automated web application security testing tool, which went on to become AppScan.

In 2004, Sanctum was acquired by US-based Watchfire and became its flagship product and main R&D site.

In 2007, Watchfire was acquired by IBM and its products incorporated into the Rational Software product line.

Now, after over 10 years as part IBM Application Security, AppScan is reclaiming its brand and place in the market, and setting a new course for growth under HCL.

AppScan pioneered many foundational security testing (AST) technologies, most notably dynamic application security testing or DAST. Its technology innovations have been acknowledged through hundreds of patents and its research team credited with the discovery of countless CVEs (Common Vulnerabilities & Exposures).

Among its ‘alumni’ are some of the most respected security researchers and entrepreneurs in the cybersecurity industry, including Gili Raanan, who founded Sanctum and now runs Cyberstarts, a cybersecurity investment fund; Eran Reshef, who went on to found Skybox Security and other companies in the security space; Amit Klein, who’s security expertise helped propel security companies like Cyota (sold to RSA), Trusteer (sold to IBM) and most recently SafeBreach; Ori Segal, who co-founded and recently sold serverless security company PureSec to Palo Alto Networks; Adi Sharabani and Yair Amit, who founded and sold mobile security company Skycure to Symantec; Guy Podjarny, who co-founded Snyk; and many more top-notch application security pioneers.

Today, application security testing is more important than ever. Shortening release cycles, the move to continuous delivery, and deployment on modern infrastructure (i.e. containers, Kubernetes, PaaS, and FaaS, etc.) all mean software publishers no longer have one monolithic blob of code that you can periodically test for security vulnerabilities; and applications no longer run on a handful of servers that sit behind a WAF or API gateway. Modern applications are continuously changing and their components are dynamically instantiated and taken down on compute resources that are often controlled by third parties. As a result, it is becoming increasingly difficult to protect applications using external security tools — applications need to be able to protect themselves.

Publishing robust, vulnerability-free software is more important than ever, and AppScan is positioned better than ever to help its customers do exactly that. Visit us on www.appscan.com to learn more.

The writer is the Head of Marketing for HCL AppScan.

Further Reading