Thursday, 10 January 2013

IBM AppScan eval downloads - and what is the difference between Standard, Source, Enterprise and Dynamic?

If you go the IBM AppScan download page you can see four downloads:
  • IBM Security AppScan Standard V8.6 Evaluation Windows 
  • IBM Security AppScan Source for Analysis V8.6 Evaluation Multiplatform
  • IBM Security AppScan Enterprise Server V8.6 Evaluation Multiplatform
  • IBM Security AppScan Enterprise Dynamic Analysis Scanner V8.6 Evaluation

It would be nice if the names where a bit more explicit on what they do:
  • AppScan Standard - BlackBox scanner (pentesting tool) is .Net based and runs on desktop
  • AppScan Source - WhiteBox scanner (source analysis) is Java based and runs on desktop
  • AppScan Enterprise - BlackBox scanner (pentesting tool) is .Net/C++ (not 100% sure) and runs as a webapp 
  • AppScan Enterprise Dynamic Analysis - I have no idea what this this, but from this blog entry Out with the old, in with the new - IBM Security AppScan Standard 8.6 released! I would say that it is the AppScan Standard engine running as a web app
What we still don't have is 'The AppScan', which would be the product made of the combination of them all (or at least with the ability to consume and instrument them all from one place)

At least there is a single download page for the 8.6 versions, which is a good thing.