Play With Fire…and You Just Might Learn
Watchfire’s AppScan Enterprise 5 focuses on reducing complexity in app security
March 15, 2007 —
With the release of AppScan Enterprise 5, Watchfire claims to have put bewildering security vulnerabilities into layman’s terms for developers.
Released last month, AppScan Enterprise 5 is the latest version of the company’s Web-based security solution for Web applications. AppScan Enterprise provides vulnerability scanning, reporting and remediation capabilities for Web applications. The newest version introduces QuickScan, a new testing tool that simplifies security assessments for developers.
Dave Grant, vice president of security product strategies for Watchfire, said, “We’ve implemented new functionality that makes it as dead simple as you can make it for developers to scan [their code]. We’ve built an interface, and a language around that interface, that makes it simple for nonsecurity experts to run a test for security applications.”
Another new feature of AppScan Enterprise 5 is integration with Watchfire’s computer-based training program, in which an organization’s executives can monitor employee progress and course completion rates. In addition, AppScan Enterprise 5 now can work with Fortify Software’s SCA Suite to show overlapping vulnerabilities on both the source-code and the application levels.
GENERATES TASK LIST
QuickScan presents a Developer Task List that the company claims can enable developers to quickly understand what needs to be fixed to make a Web application secure. With QuickScan, Grant said, a security professional can set up the necessary scans that need to be run, and the developer directs AppScan to test the application. AppScan scans the application, and then generates the Developer Task List for QuickScan.
As an example of the developer-oriented results that QuickScan provides, Grant offered the following: “Developers would be told to ‘filter out hazardous characters from user input field,’ and then there would be an example of what those hazardous characters are, or [they would be given the recommendation] ‘install the ASP.NET patch or module’ instead of telling them about a cross-site scripting problem or SQL injection problem. Most people don’t even know what application security is, let alone how to write secure code, so we have to bridge that gap.”
AppScan Enterprise 5 has a number of new reporting features, including a more flexible framework that allows better searching and filtering, and more granular controls to lock down scanning and report access to protect sensitive security data. The offering also has a brand-new GUI that is better suited to developers, according to the company.
Share this link: http://sdt.bz/30334
Most Read Latest News Blog Resources
Zeichick’s Take: Radio moves from analog waveforms to digital packets
Streaming radio highlights the need for streaming applications to be designed to take up as little bandwidth as possible
|
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
Appcelerator Acquires Cocoafish to Add Instant Mobile Cloud Capabilities to its Industry Leading Titanium Platform
Appcelerator Offers Messaging, Social, Location and Storage Mobile Cloud Services to All Mobile App Publishers
|
|
ComponentOne Releases a Collection of 40+ UI Widgets Powered by HTML5 and jQuery
ComponentOne has announced the 2012 release of Wijmo: a kit of UI widgets for HTML5 and jQuery development
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
Top five apps to manage your workload
Web applications offer new ways to track your “to-do” lists
|
|
Not so fast when it comes to testing in the cloud
Developers face outsourcing, virtual lab management and mobile devices as obstacles
|
|
Xceed releases UX-focused suite for Microsoft’s WPF
"Blendables" helps match user experiences to developer visions
|
Are you at risk for burnout?
Burnout is a severe problem and it can strike at any time. Here's how to tell if you are nearing the edge.
|
|
Agility, mom, and apple pie
If we're to evaluate the state-of-the-art in software development, we should start with the values espoused in the Agile Manifesto.
|
|
RIM woos developers with free tablet
How do you get more apps ported to the BlackBerry PlayBook? By giving every developer a free tablet, of course!
|
|
GitHire: Use Headhunters to Find Your Perfect Programmer
Are you a hiring manager tired of scouring the job boards? Check out this new service that will find 5 people interested in your jobs.
|
The Hidden Costs of Software Licensing
Moving beyond paper-based software licensing to more flexible, software-based licensing is a business decision. There is a growing trend tow...
|
|
Case Study: You May Need a Development Mechanic
As a contractor for a major financial player in Germany, SOBEGE, a German-based consultancy specializing in embedded IT and web services, wa...
|
|
Ensuring Software Quality at a Major International Bank
One of the world’s leading international banks has adopted AgitarOne technology for delivering generated unit tests for their Java software...
|
|
Load Testing Adobe Flex Applications
Adobe Flex applications may be different from applications you’ve worked with before. For classic HTML web applications, the server does all...
|