DEVPARTNER SECURITYCHECKER 2.0 FIXES SECURITY VULNERABILITY.Compuware Corporation (company) Compuware Corporation - A software and service company with over 11,000 employees worldwide, including more than 7,000 in its professional services organisation. Since 1973, Compuware has focused on optimising business software development, testing, and operation. (NASDAQ NASDAQ in full National Association of Securities Dealers Automated Quotations U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on :CPWR CPWR Center to Protect Workers' Rights (now Center for Construction Research and Training) CPWR Council for a Parliament of the World's Religions CPWR Coupled Plasma-Waveguide Resonance ) has launched Compuware DevPartner SecurityChecker 2.0. This new version of Compuware's security analysis tool offers full integration with Microsoft Visual Studio Microsoft Visual Studio is Microsoft's flagship software development product for computer programmers. It centers on an integrated development environment which lets programmers create standalone applications, web sites, web applications, and web services that run on any platforms 2005, enabling development and testing teams to improve the quality of their Microsoft ASP.NET Web applications by quickly locating and fixing security vulnerabilities early in the application life cycle, saving time and money. Compuware a new services offering to help organizations improve application security. "Microsoft is pleased that DevPartner SecurityChecker 2.0 supports and integrates with Visual Studio 2005," said Rick Samona, product manager of the .NET Developer Product Marketing Group at Microsoft Corp. "With application security becoming such a critical concern for IT organizations, DevPartner SecurityChecker helps development and testing teams locate and identify security vulnerabilities to secure their applications from attacks." DevPartner SecurityChecker is a security assessment tool that accelerates the development of secure ASP.NET applications. DevPartner SecurityChecker helps efficiently achieve application security by automatically identifying security vulnerabilities through a combination of both white-box (code scanning and run-time analysis Run-time analysis is a theoretical classification that evaluates and anticipates the increase in running time (or run-time) of an algorithm as its input size (usually denoted as "n") increases. ) and black-box (penetration testing) testing techniques and pinpoints the location of the vulnerability in source code. By automating the security vulnerability detection process, DevPartner SecurityChecker helps developers deliver secure ASP.NET Web applications on time and on budget. "Seventy-five percent of application attacks occur at the application level. Security is another facet of quality -- and like quality, security must be built into the application, not tested at the end of the development cycle," said Theresa Lanowitz, research director at Gartner, Inc., in her report. "In today's IT organization, new issues such as compliance, regulations, risk management and ever-changing priorities are increasing the focus on application security. Information, plans and requirements regarding security must begin at the application level." New features and enhancements in DevPartner SecurityChecker 2.0 include: -- Full integration with Visual Studio 2005 with the Microsoft .NET See .NET. Framework 2.0. -- Reduction of false positive reporting. -- Improvements for creating and managing discovery maps. -- Improvements to existing SQL Injection SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not , Cross-Site Scripting See XSS. (XSS (CROSS-Site Scripting) Causing a user's Web browser to execute a malicious script. There are several ways this is done. One approach is to hide code in a "click here" hyperlink attached to a URL that points to a non-existent Web page. ), and Parameter Tampering Modifying elements in the URL sent to a Web site in order to obtain unauthorized information. User queries are often passed to the database in the Web server by appending search arguments to the URL used to locate the site. vulnerability detection. -- Thirty new Integrity rules, including rules for finding: - Google Hacking Google hacking is a term that refers to the art of creating complex search engine queries in order to filter through large amounts of search results for information related to computer security. vulnerabilities such as pages containing configuration information, hidden content, error information, and points of entry. - Hidden developer information that can be unlocked and viewed by an attacker, like debugging data. - Examining HTTP headers HTTP Headers form the core of a HTTP request, and are very important in a HTTP response. They define various characteristics of the data that is requested or the data that has been provided. for cookie and page caching vulnerabilities. - Exploiting a vulnerability to bypass the default ASP.NET validation procedure that allows an application to be vulnerable to Cross-Site Scripting (XSS) attacks. "DevPartner SecurityChecker 2.0 helps me and my development team find and fix vulnerabilities in our ASP.NET applications," said beta tester, Bernd Oerding, head of development CAD/GIS at HHK HHK Happy Hacking Keyboard HHK High Hold Keep (Everquest) HHK Heifer Hong Kong HHK Html Help Workshop HHK Help Pad Keywords Datentechnik GmbH. "With DevPartner SecurityChecker 2.0, we were able to check our code and see all of the errors and possible security risks as well as get detailed information on how to address and resolve the security issues, helping to improve the overall code quality and security of our applications." Compuware also offers a Security Assessment for ASP.NET applications to those organizations that require specific expertise. This service offering combines the proficiency of Compuware IT professionals with the strengths of DevPartner SecurityChecker, allowing IT and development staffs to accurately assess the security vulnerabilities of an ASP.NET application. Through this service offering, a Compuware technician will review the identified application and then perform a security assessment using Compuware DevPartner SecurityChecker, applying three analysis modes to the application. These modes will focus on code-base analysis, run-time analysis and simulation of attacks from a hacker's point of view. The Compuware consultant will then deliver a detailed report to the customer that the customer can use to investigate and correct found vulnerabilities. "DevPartner SecurityChecker squarely addresses one of the growing concerns of our customers: application security," said Bob Barker Robert William "Bob" Barker (born December 12 1923) is a nineteen-time Emmy Award-winning former American television game show host. He is best known for hosting CBS's The Price Is Right , vice president of Strategic Planning at Compuware Corporation. "By employing DevPartner SecurityChecker, IT managers ensure that their teams are taking the appropriate measures to mitigate the business risk associated with Web application vulnerabilities." DevPartner SecurityChecker 2.0 is currently available and shipping at a U.S. list price of $12,000 per concurrent user. Volume discounts are available. Other Compuware products that currently support Visual Studio 2005 are DevPartner Studio 8.0 and DevPartner Fault Simulator 1.5. Compuware plans to release the next version of its functional testing tool, Compuware TestPartner, which will support and integrate with Microsoft Visual Studio 2005 Team System. Compuware Quality Solutions across the application life cycle enable enterprises to build, test and manage high-quality applications using Microsoft, Java, mainframe and Web technologies. These solutions work together to deliver value to enterprises that depend upon mission-critical applications to remain competitive in increasingly complex and demanding business environments. Compuware Corporation Compuware Corporation (NASDAQ:CPWR) maximizes the value IT brings to the business by helping CIOs more effectively manage the business of IT. Compuware solutions accelerate the development, improve the quality and enhance the performance of critical business systems while enabling CIOs to align and govern the entire IT portfolio, increasing efficiency, cost control and employee productivity throughout the IT organization. Founded in 1973, Compuware serves the world's leading IT organizations, including more than 90 percent of the Fortune 100 companies. Compuware Corporation can be found on the World Wide Web at http HTTP in full HyperText Transfer Protocol Standard application-level protocol used for exchanging files on the World Wide Web. HTTP runs on top of the TCP/IP protocol. ://www.compuware.com/. For more information, call 313/227-1402. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion