IBM Security Appscan provides automated security scanning of web applications.
Did you know that you can apply test policies within IBM Security AppScan to cover particular aspects of the scan? Using the right policy produces optimal scanning results and reduces false positives.
In this great article, you can get an overview of IBM Security AppScan test policies, and learn which policy is optimal based on the type of application and its stage of development. The article also provides a side-by-side policy comparison that details each scan policy that is offered by the IBM Security AppScan tool.
Source: IBM developerWorks.