July 1, 2019 marks a new beginning for AppScan. As part of a business deal valued at $1.8B, IBM divested a number of business lines to HCL, an India-based technology vendor. Among the divested businesses was AppScan, an application security testing suite for web applications, APIs and mobile apps.

AppScan was initially developed by Israeli software company Sanctum and first released in the early 2000s. Sanctum was a cybersecurity pioneer credited with several security innovations, including the first web application firewall (WAF) and the first automated web application security testing tool, which went on to become AppScan.

In 2004, Sanctum was acquired by US-based Watchfire and became its flagship product and main R&D site.

In 2007, Watchfire was acquired by IBM and its products were incorporated into the Rational Software product line.

Now, after over 10 years as part of IBM Application Security, AppScan is reclaiming its brand and place in the market, and setting a new course for growth under HCL.

AppScan pioneered many foundational application security testing (AST) technologies, most notably dynamic application security testing, or DAST. Its technology innovations have been acknowledged through hundreds of patents, and its research team has been credited with the discovery of countless CVEs (Common Vulnerabilities & Exposures).

Among its ‘alumni’ are some of the most respected security researchers and entrepreneurs in the cybersecurity industry, including Gili Raanan, who founded Sanctum and now runs Cyberstarts, a cybersecurity investment fund; Eran Reshef, who went on to found Skybox Security and other companies in the security space; Amit Klein, whose security expertise helped propel security companies like Cyota (sold to RSA), Trusteer (sold to IBM) and most recently SafeBreach; Ory Segal, who co-founded and recently sold serverless security company PureSec to Palo Alto Networks; Adi Sharabani and Yair Amit, who founded and sold mobile security company Skycure to Symantec; Guy Podjarny, who co-founded Snyk; and many more top-notch application security pioneers.

Today, application security testing is more important than ever. Shortening release cycles, the move to continuous delivery, and deployment on modern infrastructure (e.g. containers, Kubernetes, PaaS, and FaaS) all mean software publishers no longer have one monolithic blob of code that they can periodically test for security vulnerabilities, and applications no longer run on a handful of servers that sit behind a WAF or API gateway. Modern applications are continuously changing, and their components are dynamically instantiated and taken down on compute resources that are often controlled by third parties. As a result, it is becoming increasingly difficult to protect applications using external security tools — applications need to be able to protect themselves.

Publishing robust, vulnerability-free software is more important than ever, and AppScan is positioned better than ever to help its customers do exactly that. Visit us at https://www.hcltechsw.com/appscan/ to learn more.

The writer is the Head of Marketing for HCL AppScan.
