
From Finding to Fixing Vulnerabilities


Latest release of AppScan offers recommendations for remediation



December 15, 2005 — What Watchfire calls a fundamental shift in the application security market has led to a fundamental shift in its flagship AppScan testing tool.

“The original focus of AppScan was how bad a Web site was. The success [of AppScan] was measured in the volume of issues” it uncovered, explained Michael Weider, chief technology officer at Watchfire. “In 2005, the market began to understand application security. Now the biggest issue was struggling to digest the output of the product.”

AppScan 6.0, released on Dec. 5, helps organizations do just that with the addition of an automated fix recommendation feature that studies the vulnerabilities found by the tool and generates recommendations to help remediate the problems, Weider said. “This is a huge productivity savings for our customers,” he said.

The testing tool has been given an interface lift, with new views and trees to help ease the process of working through security issues, he added. The new remediation view provides a list of recommended tasks for fixing the problems, either for the entire application or for specific pages or folders. That, Weider said, makes it easier for project managers to assign issues to the developers responsible for that work.

Other enhancements include increased scanning speed, which helps organizations get through numerous, large applications, and template-based scan configuration, which enables users to save scan items for reuse. Also, users now can prioritize changes based on the severity of the vulnerability.

Reporting is one of the most important functions of a security testing tool, and Watchfire claims that AppScan 6.0 provides reporting on more than 30 regulatory compliance requirements, such as Sarbanes-Oxley, the Gramm-Leach-Bliley Act and the Visa Cardholder Information Security Program.

With hackers finding ever newer ways to penetrate an application, the new version provides vulnerability updates daily. AppScan 6.0 costs US$15,000 per year on a subscription basis; AppScan Developer Edition costs $1,500 per seat. AppScan DE integrates with Visual Studio and Eclipse; support for VS 2005 will be added soon, Weider said.

