From Finding to Fixing Vulnerabilities
Latest release of AppScan offers recommendations for remediation
December 15, 2005 —
What Watchfire calls a fundamental shift in the application security market has led to a fundamental shift in its flagship AppScan testing tool.
“The original focus of AppScan was how bad a Web site was. The success [of AppScan] was measured in the volume of issues” it uncovered, explained Michael Weider, chief technology officer at Watchfire. “In 2005, the market began to understand application security. Now the biggest issue was struggling to digest the output of the product.”
AppScan 6.0, released on Dec. 5, helps organizations do just that with the addition of an automated fix recommendation feature that studies the vulnerabilities found by the tool and generates recommendations to help remediate the problems, Weider said. “This is a huge productivity savings for our customers,” he said.
The testing tool has been given an interface lift, with new views and trees to help ease the process of working through security issues, he added. The new remediation view provides a list of recommended tasks for fixing the problems, either for the entire application or for specific pages or folders. That, Weider said, makes it easier for project managers to assign issues to the developers responsible for that work.
Other enhancements include increased scanning speed, which helps organizations get through numerous, large applications, and template-based scan configuration, which enables users to save scan items for reuse. Also, users now can prioritize changes based on the severity of the vulnerability.
Reporting is one of the most important functions of a security testing tool, and Watchfire claims that AppScan 6.0 provides reporting on more than 30 regulatory compliance requirements, such as Sarbanes-Oxley, Gramm-Leach Bliley Act and Visa Cardholder Information Security Program.
With hackers finding ever newer ways to penetrate an application, the new version provides vulnerability updates daily. AppScan 6.0 costs US$15,000 per year on a subscription basis; AppScan Developer Edition costs $1,500 per seat. AppScan DE integrates with Visual Studio and Eclipse; support for VS 2005 will be added soon, Weider said.
Share this link: http://sdt.bz/29048
Most Read Latest News Blog Resources
Zeichick’s Take: Radio moves from analog waveforms to digital packets
Streaming radio highlights the need for streaming applications to be designed to take up as little bandwidth as possible
|
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
Appcelerator Acquires Cocoafish to Add Instant Mobile Cloud Capabilities to its Industry Leading Titanium Platform
Appcelerator Offers Messaging, Social, Location and Storage Mobile Cloud Services to All Mobile App Publishers
|
|
ComponentOne Releases a Collection of 40+ UI Widgets Powered by HTML5 and jQuery
ComponentOne has announced the 2012 release of Wijmo: a kit of UI widgets for HTML5 and jQuery development
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
Top five apps to manage your workload
Web applications offer new ways to track your “to-do” lists
|
|
Not so fast when it comes to testing in the cloud
Developers face outsourcing, virtual lab management and mobile devices as obstacles
|
|
Xceed releases UX-focused suite for Microsoft’s WPF
"Blendables" helps match user experiences to developer visions
|
Are you at risk for burnout?
Burnout is a severe problem and it can strike at any time. Here's how to tell if you are nearing the edge.
|
|
Agility, mom, and apple pie
If we're to evaluate the state-of-the-art in software development, we should start with the values espoused in the Agile Manifesto.
|
|
RIM woos developers with free tablet
How do you get more apps ported to the BlackBerry PlayBook? By giving every developer a free tablet, of course!
|
|
GitHire: Use Headhunters to Find Your Perfect Programmer
Are you a hiring manager tired of scouring the job boards? Check out this new service that will find 5 people interested in your jobs.
|
The Hidden Costs of Software Licensing
Moving beyond paper-based software licensing to more flexible, software-based licensing is a business decision. There is a growing trend tow...
|
|
Case Study: You May Need a Development Mechanic
As a contractor for a major financial player in Germany, SOBEGE, a German-based consultancy specializing in embedded IT and web services, wa...
|
|
Ensuring Software Quality at a Major International Bank
One of the world’s leading international banks has adopted AgitarOne technology for delivering generated unit tests for their Java software...
|
|
Load Testing Adobe Flex Applications
Adobe Flex applications may be different from applications you’ve worked with before. For classic HTML web applications, the server does all...
|