AppScan is one of IBM's new acquisitions from WatchFire software. Since the bluewash (IBM's term for converting the marketing, logos and colors within an application to that of IBM's), they have now released a developer edition with does static code analysis, dynamic analysis, and runtime analysis of an application to detect security vulnerabilities such as cross-site scripting attacks, possible targets for denial of services attacks, SQL injection, etc.
The tool is pretty much a point and click interface. I've been playing around with it today (as well as RAD 7.5). There are several areas of vulnerability that I would not have thought of in some applications I've previously worked on.
IBM has a pretty good demo of the tool at this site:
Labels: appscan, watchfire