Enterprise Application Testers Use AppScan 3.5 to Fix Security Vulnerabilities Early in Application Lifecycle.
Business Editors/High-Tech Writers
SANTA CLARA, Calif.--(BUSINESS WIRE)--Sept. 30, 2002
Leading Web Security Testing Tool Integrates Seamlessly into Any Application Testing Environment
Sanctum, Inc., the established leader in Web application security software, today announced the availability of AppScan 3.5(TM), the leading Web security testing tool now optimized for the enterprise application testing environment. With the introduction of AppScan 3.5, Sanctum extends its proven Web security vulnerability assessment solution that has been part of the auditor's toolkit for years to the application quality assurance (QA) testers. AppScan 3.5's 'Site Smart' technology learns the unique behavior of each Web application, and builds a customized vulnerability assessment scan to drive precision testing throughout the application lifecycle. Addressing the widest range of Web application vulnerabilities, AppScan 3.5 tests both customer and third party applications for application specific vulnerabilities (ASVs), common Web vulnerabilities (CWVs) and .Net framework vulnerabilities.
A study by IBM's System Sciences Institute found that the relative cost of fixing defects after deployment is almost seven times greater than detecting flaws and eliminating them during testing. Web applications -- the target of 80 percent of all hacks according to Gartner -- continue to expose the most costly and serious security defects. As the market demand for high quality applications increases, security is quickly becoming a vital parameter in the QA testing process. By reducing Web application security defects before they get to production, AppScan 3.5 allows companies to reduce the overall number of development cycles, deploy secure applications faster, and improve the utilization of QA and development resources to deliver an unparalleled ROI.
"Cyber-threats at the application level continue to increase," said John Pescatore, vice president for Internet Security at Gartner. "With the increased focus on critical infrastructure protection, integrating automated security testing tools into the application development and testing process needs to become standard practice for all enterprises with Internet exposure."
AppScan 3.5 brings the combination of speed, accuracy, flexibility and efficiency to application development, QA testing and audit functions. As a standalone application running on Microsoft Windows 2000, AppScan learns the unique business logic of the application on the fly and creates a dynamic scan to obtain the most comprehensive Web application vulnerability assessment. Exploring the site like a hacker would, AppScan tests for application specific vulnerabilities such as SQL injection, cross-site scripting and parameter tampering; common Web vulnerabilities for third party applications; and .Net framework vulnerabilities. Once the assessment is complete, AppScan provides customized, detailed reports that include actionable recommendations for how to fix known and unknown vulnerabilities. The result is the most accurate Web security testing tool in the market today.
The key new features of AppScan 3.5 include:
-- Precision Testing -- Automatically learns the application's structure and business logic on the fly; intelligently detects both CWVs and ASVs with less than one percent false positives/negatives.
-- Business Process Record and Play -- Records business processes for regression testing and stores the information as XML for easy modification.
-- JavaScript Explore -- Provides the unique functionality of exploring JavaScript, identifying potentially dangerous content and testing the embedded links.
-- Scan Scheduling -- Allows user to schedule one-time, regular and concurrent tests by triggering scans to run at optimal times of the day or week.
-- Web Services Support -- Explores application vulnerabilities found in .NET services, including new types of XML-related vulnerabilities, cross-site scripting and advanced SQL injection attacks.
-- Detailed and Customized Reporting -- Provides actionable results for each vulnerability and allows easy report customization for specific target audiences, including developers and executives.
"With the introduction of AppScan 3.5, application developers and QA testers no longer have to choose between on-time application delivery and complete application security," said Gili Raanan, senior vice president of products at Sanctum, Inc. "Sanctum's AppScan 3.5 integrates seamlessly into any application testing environment, while delivering the highest level of accuracy and efficiency in assessing Web application-specific vulnerabilities. Built on proven performance for auditors, AppScan 3.5 drives Web security at every stage of the application lifecycle to produce the highest quality Web applications."
Availability
AppScan 3.5 is available immediately.
Webinar Event
For additional information on security within enterprise application testing, join Sanctum CTO Steve Orrin today -- September 30, at 2:00 p.m. EDT -- for the "Rush To Release -- Deploying Secure Applications" Webcast. To register, visit http://searchSecurity.com/r/0,,6022,00.htm.
About Sanctum, Inc.
Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. is the recognized leader for Web application security solutions.
Sanctum software solutions provide automatic enforcement of intended business processes, ensuring the protection of core information and data. By detecting and defending against any unauthorized behavior, Sanctum protects customers against malicious cybercriminal activity -- from theft of intellectual property and customer data, to e-commerce fraud and Web site defacement -- even if a site has unknown security holes or flaws. Sanctum's solutions complete a company's security infrastructure, assure regulatory compliance and create sustainable ROI. Sanctum's customers include industry leaders in finance, retailing, healthcare, government and telecommunications. Privately held, Sanctum is funded by blue-chip venture capital firms and industry leaders including Sprout Group, Dell, Gemini Israel Funds, Fidelity Ventures, Wachovia Strategic Ventures Group, Mofet Israel Technology Fund and Walden Israel. For more information, visit www.SanctumInc.com or contact the Company directly at 408/855-9500.
AppScan is a trademark of Sanctum, Inc. All other product names referenced are the property of their respective owners and are hereby acknowledged.