Identify and fix vulnerabilities in web and mobile applications

Forrester Consulting: Total Economic Impact™ (TEI) of IBM Security AppScan Source
Learn how our client achieved triple-digit ROI by implementing IBM AppScan Source.


IBM® Security AppScan® Source helps organizations lower costs and reduce risk exposure by identifying web-based and mobile application source code vulnerabilities early in the software development lifecycle, so they can be fixed before deployment.

IBM Security AppScan Source integrates application security testing into your software development lifecycle. It offers enhanced mobile application scanning capabilities and supports testing for mobile web, native and hybrid applications, which includes support for JavaScript, HTML5, Cordova, Java and Objective-C. IBM Security AppScan Source also provides integration with IBM MobileFirst Studio and the ability to scan Worklight applications.

IBM Security AppScan Source can enable:

Stronger and more cost-effective software security


Improved intelligence through integration

Security best practices

Reporting, governance and compliance capabilities

IBM Security AppScan Source


The following are basic hardware and software requirements for the current release of IBM Security AppScan Source. View the detailed system requirements for more information (including system requirements for previous releases).

Operating System Software Hardware
Microsoft Windows 10 Education, Enterprise, and Pro 32 and 64-bit (in 32-bit mode)

Microsoft Windows 8 Professional and Enterprise 32 and 64-bit (in 32-bit mode)

Microsoft Windows 8.1 Professional and Enterprise 32 and 64-bit (in 32-bit mode)

Microsoft Windows 7 Professional, Enterprise & Ultimate 32 and 64-bit (in 32-bit mode)

Microsoft Windows Server 2008 Enterprise and Standard (SP1 and SP2)(32-bit x86)

Microsoft Windows Server 2008 R2 Enterprise and Standard 64-bit (in 32-bit mode)

Microsoft Windows Server 2012 Datacenter, Standard, Essentials, and Foundation (in 32-bit mode)

Microsoft Windows Server 2012 R2 Datacenter, Standard, and Essentials (in 32-bit mode)

RedHat Enterprise Linux 5.0 (through Update 8), 6.0 (through Update 7) Workstation & Server 32 and 64-bit (in 32-bit mode)

OS X Version 10.9, OS X Version 10.10, and OS X Version 10.11 (IBM Security AppScan Source for Security, IBM Security AppScan Source for Development (Eclipse plug-in), and IBM Security AppScan Source for Automation only)

Compilers: GNU Compiler Collection (gcc) for Linux, Visual Studio 2010 (V10) for Windows, Visual Studio 2012 (V11) for Windows, Visual Studio 2013 (V12) for Windows, Xcode Versions 5.0, 5.1, 6.0, and 6.2, 6.3, 6.4, 7.0, 7.1, 7.2, and 7.3 for Objective-C (for Apple iOS applications only), Java V1.5, and higher, Java EE Application Servers: Tomcat V5, V6, V7, and V8, Oracle Weblogic Server V8, V9, V11, and V12, IBM WebSphere Application Server (V7, V8, V8.5, and V8.5.5)

Language Support for Security Testing (Windows): Java™, Android, JavaScript, JSP, ColdFusion, C, C++, .NET (C#, ASP.NET, and VB.NET), Classic ASP (JavaScript/VBScript), PHP (5.3 up to 5.6), Perl, Visual Basic 6, PL/SQL, T-SQL, and COBOL

Language Support for Security Testing (Linux): Java™, Android, JavaScript, JSP, ColdFusion, C, C++, PHP (5.3 up to 5.6), Perl, PL/SQL, T-SQL, and COBOL

Language Support for Security Testing (OS X): Objective-C in Xcode projects, Java, Android, JavaScript, JSP

IDE Plug-in and Project File scanning support (Windows): IBM Worklight V6.0 and 6.1.0, IBM Worklight Foundation V6.2, and IBM MobileFirst Platform V6.3, V7.0, and V7.1; Eclipse versions 3.8, 4.2, 4.2.x, 4.3, 4.3.1, 4.3.2, 4.4, and 4.5; IBM Rational Application Developer (RAD) V8.5, V8.5.1, V8.5.5, V9.0, V9.0.1, V9.1, and V9.1.1; Visual Studio 2010 (Professional, Premium, and Ultimate), Visual Studio 2012 (Professional, Premium, and Ultimate), and Visual Studio 2013 (Professional, Premium, and Ultimate); Visual Studio supports C++, C#, ASP.NET, and VB.NET; Visual Studio 2015 project files can be scanned; Eclipse and RAD support scanning Java (including Android), JavaServer Pages (JSP), and IBM MobileFirst Platform projects

IDE Plug-in and Project File scanning support (Linux): IBM Worklight V6.0 and 6.1.0, IBM Worklight Foundation V6.2, and IBM MobileFirst Platform V6.3, V7.0, and V7.1; Eclipse versions 3.8, 4.2, 4.2.x, 4.3, 4.3.1, 4.3.2, 4.4, and 4.5; IBM Rational Application Developer (RAD) V8.5, V8.5.1, V8.5.5, V9.0, V9.0.1, V9.1, and V9.1.1; Eclipse and RAD support scanning Java (including Android), JavaServer Pages (JSP), and IBM MobileFirst Platform projects

IDE Plug-in and Project File scanning support (OS X): IBM Worklight V6.0 and 6.1.0, IBM Worklight Foundation V6.2, and IBM MobileFirst Platform V6.3, V7.0, and V7.1; Eclipse versions 3.8, 4.2, 4.2.x, 4.3, 4.3.1, 4.3.2, 4.4, and 4.5; IBM Rational Application Developer (RAD) V9.0, V9.0.1, V9.1, and V9.1.1; Eclipse and RAD support scanning Java (including Android), JavaServer Pages (JSP), and IBM MobileFirst Platform projects

Defect Tracking System (Windows and Linux): IBM Rational ClearQuest® V7.1.1, V7.1.2, V8.0, and V8.0.1; HP Quality Center V9.2, V10.0, and V11.5; IBM Rational Team Concert V4.0, V4.0.1, V4.0.2, V4.0.3, V4.0.4, V4.0.5, V4.0.6, and V4.0.7; Microsoft Team Foundation Server 2008 and 2010

Defect Tracking System (OS X): Rational Team Concert V4.0, V4.0.1, V4.0.2, V4.0.3, V4.0.4, V4.0.5, V4.0.6, and V4.0.7

External Database Support: Oracle 11g (32-bit), Oracle 12c

License Server: IBM Rational License Server Versions 8.1.1, 8.1.2, 8.1.3 and 8.1.4 (if activating by floating license)

Translated national languages: English, Brazilian Portuguese, Simplified Chinese, Traditional Chinese, German, Spanish, French, Italian, Japanese, Russian and Korean

Processor: 2 CPU

Memory: 2 GB RAM minimum (with 8 GB or more recommended)

Disk Space: 3 GB (4 GB required for installation)

Network: 1 NIC 10 Mbps for network communication with configured TCP/IP (100 Mbps recommended)

Not in Sverige?

Lätt att få svar på dina frågor.

Vill du ha hjälp?

Lätt att få svar på dina frågor.