July 1, 2019 marks a new beginning for AppScan. As part of a business deal valued at $1.8B, IBM divested a number of business lines to HCL, an India-based technology vendor. Among the divested businesses was AppScan, an application security testing suite for web applications, APIs and mobile apps.

AppScan was initially developed by Israeli software company Sanctum and first released in the early 2000s. Sanctum was a cybersecurity pioneer credited with several security innovations, including the first web application firewall (WAF) and the first automated web application security testing tool, which went on to become AppScan.

In 2004, Sanctum was acquired by US-based Watchfire and became its flagship product and main R&D site.

In 2007, Watchfire was acquired by IBM and its products incorporated into the Rational Software product line.

Now, after over 10 years as part IBM Application Security, AppScan is reclaiming its brand and place in the market, and setting a new course for growth under HCL.

AppScan pioneered many foundational security testing (AST) technologies, most notably dynamic application security testing or DAST. Its technology innovations have been acknowledged through hundreds of patents and its research team credited with the discovery of countless CVEs (Common Vulnerabilities & Exposures).

Among its ‘alumni’ are some of the most respected security researchers and entrepreneurs in the cybersecurity industry, including Gili Raanan, who founded Sanctum and now runs Cyberstarts, a cybersecurity investment fund; Eran Reshef, who went on to found Skybox Security and other companies in the security space; Amit Klein, who’s security expertise helped propel security companies like Cyota (sold to RSA), Trusteer (sold to IBM) and most recently SafeBreach; Ori Segal, who co-founded and recently sold serverless security company PureSec to Palo Alto Networks; Adi Sharabani and Yair Amit, who founded and sold mobile security company Skycure to Symantec; Guy Podjarny, who co-founded Snyk; and many more top-notch application security pioneers.

Today, application security testing is more important than ever. Shortening release cycles, the move to continuous delivery, and deployment on modern infrastructure (i.e. containers, Kubernetes, PaaS, and FaaS, etc.) all mean software publishers no longer have one monolithic blob of code that you can periodically test for security vulnerabilities; and applications no longer run on a handful of servers that sit behind a WAF or API gateway. Modern applications are continuously changing and their components are dynamically instantiated and taken down on compute resources that are often controlled by third parties. As a result, it is becoming increasingly difficult to protect applications using external security tools — applications need to be able to protect themselves.

Publishing robust, vulnerability-free software is more important than ever, and AppScan is positioned better than ever to help its customers do exactly that. Visit us on https://www.hcltechsw.com/appscan/ to learn more.

The writer is the Head of Marketing for HCL AppScan.

Comment wrap
Further Reading
Secure DevOps | September 26, 2022
Strengths and Weaknesses in Application Security Technologies
With the rise of remote work and cloud-based services, there are more potential threats to your web applications than ever. Learn more about app security.
Secure DevOps | September 26, 2022
Prioritizing the Fix with HCL AppScan and Auto Correlation
When testing web applications, it's crucial to prioritize the fixing process and time required to fix issues. Learn how AppScan is the industry leader in app security testing
Secure DevOps | June 24, 2022
Automatic Issue Correlation Now Part of HCL AppScan
Automatic Issue Correlation enhances your AST capabilities, improves your prioritization process, and reduces remediation time and effort.
Filters result by