WatchFire AppScan
AppScan, said to be the most mature Web application vulnerability scanner on the market was developed in 2000 as a companion to Sanctum’s AppShield Web application firewall. Now it is owned by IBM, one of the most well-known names in computi. This ia result of the acquisition in July by Big Blue of WatchFire. AppScan’s experience might not be enough as the Ajax applications being fed to their scanners proved to be troublesome, even for long-established products. For IBM, AppScan looks like a sound investment because of the advanced functionality and reliability, the features that were the most successful so far at traversing our Ajax applications.
There were tense moments, though, when they first began scanning one of their sample Ajax apps, the experienc of which seem to be repeating now. AppScan was not able to parse the JavaScript automatically. WatchFire investigated, however, it said that it had no trouble with the application. What gives?