Sanctum Announces First Security Testing Tool to Integrate with Any Enterprise QA Environment.

Business Editors/High-Tech Writers

SANTA CLARA, Calif.--(BUSINESS WIRE)--Aug. 25, 2003

AppScan 4.0 QA Edition and Audit Edition Complete Sanctum's Comprehensive Product Suite for Cost-Effective Security Testing and Remediation at All Phases of Application Lifecycle

Sanctum, Inc., the established leader in Web application security software, today announced the availability of AppScan(TM) 4.0 QA Edition, the first security testing tool available for seamless integration with any QA testing environment, and AppScan 4.0 Audit Edition for accelerated, automated testing of security vulnerabilities. With its patented intelligent validation engine, Sanctum's AppScan 4.0 product suite covers the widest array of attack variants to test both new and existing infrastructures, including emerging Web services
technologies containing XML and SOAP vulnerabilities. By reducing security defects before Web applications are deployed in a live production environment, AppScan 4.0 enables enterprise users to deploy applications quickly, reduce deployment costs, improve resource allocation, assure compliance and minimize risk.

With the introduction of AppScan 4.0, Sanctum now empowers enterprise users at all stages of the application lifecycle -- including developers, QA and internal and external auditors -- with an automated testing tool that is a natural extension of their current testing processes.

The only available tool for security testing during the QA phase, AppScan 4.0 QA Edition delivers seamless integration into existing test systems, automation to deliver predictive, reproducible results and the ability to output results to all standard defect tracking and analysis systems. In compliance with the Capability Maturity Model (CMM) outlined by the Software Engineering Institute (SEI), AppScan supports software QA and quality management standards, a critical element of delivering quality software to the market.

"Time-to-market pressures have typically taken precedence over software debugging and quality assurance.
If companies integrate security best practices throughout every phase of testing, security vulnerabilities will be resolved as they appear, instead of post-deployment, where the cost of fixing and business risk are significantly higher," said Pete Lindstrom, Spire Security. "When security is pinpointed at every phase of development, as is now possible with Sanctum's full AppScan product suite for developers, QA staff and auditors, application testing not only produces more secure software, but can even speed an application's time to market through improved resource allocation."

"Stricter compliance and audit regulations have increased the requirement for high-quality and secure applications, putting new demands on organizations to track and fix vulnerabilities more quickly," said Andrew Conte, director of Information Security, HBO. "To meet the challenge of timely, cost-effective remediation, security needs to be considered a vital testing parameter alongside functionality and performance. With automated security testing, we are able to assess and fix security problems quickly and cost-effectively, thereby enforcing security best practices, reducing audit cycles and improving internal and external compliance demands."

New features of AppScan 4.0 include:

-- Advanced Delta Analysis--helps developers, QA testers and auditors enforce predictive, reproducible results across the test cycle. Users can establish and map back to test plan over time, across applications, departments or companies to ensure continued compliance.
-- Web Services Support--delivers widest array of attack variants to test for emerging Web services technologies, including XML and SOAP vulnerabilities, application specific vulnerabilities (ASVs) and common Web vulnerabilities (CWVs); intelligent validation system tests for known and unknown vulnerabilities in IBM WebSphere, Microsoft .NET and Sun ONE.
-- Interactive Results Display & Analysis--Graphical tree view allows users to easily review and differentiate results to prioritize remediation actions; error-free, immediate and automated analysis achieved through "Worse Case Scenarios" that communicate business impact of technical vulnerability and "Vulnerability Causes" that identify root cause of problems, including insecure programming and configuration changes.
-- Application Programming Interface (API) & Command Line Interface (CLI)--users can automatically execute AppScan QA Edition defect tests and results export as part of QA testing procedure with seamless integration through APIs and CLIs.
-- Unparalleled Performance--The fastest application risk assessment tool available today, AppScan scales from scanning a single Web page to 100,000s of Web page applications.

Availability

AppScan 4.0 QA Edition and Audit Edition are generally available September 5, 2003.

About Sanctum, Inc.

Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. is the recognized leader for Web application security solutions.
Sanctum software solutions provide automatic enforcement of intended business processes, ensuring the protection of core information and data. By detecting and defending against any unauthorized behavior, Sanctum protects customers against malicious cybercriminal activity -- from theft of intellectual property and customer data, to e-commerce fraud and Web site defacement -- even if a site has unknown security holes or flaws. Sanctum's solutions complete a company's security infrastructure, assure regulatory compliance and create sustainable ROI. Sanctum's customers include industry leaders in finance, retailing, healthcare, government and telecommunications. Privately held, Sanctum is funded by blue-chip venture capital firms and industry leaders including Sprout Group, Dell, Gemini Israel Funds, Fidelity Ventures, Wachovia Strategic Ventures Group, Mofet Israel Technology Fund and Walden Israel. For more information, visit www.SanctumInc.com or contact the Company directly at 408-352-2000.

AppScan is a trademark of Sanctum, Inc. All other product names referenced are the property of their respective owners and are hereby acknowledged.