Watchfire Introduces AppScan 7.0, Highlighting a Decade of Web Security Leadership.


Powerful New Solution Further Bridges the Gap between Security Professionals and Developers with Greater Automation Precision, Control and Visibility to Identify, Communicate and Remediate Web Security Vulnerabilities

WALTHAM, Mass. -- Watchfire, the market-leading provider of application vulnerability assessment software and services to help ensure the security and compliance of websites, today unveiled AppScan[R] 7.0, a major new product release that highlights a decade of innovation and leadership since AppScan pioneered the web application security market in 1996.

Security teams are under pressure to keep up with the volume of applications they need to test. They often catch issues late in the software development cycle or not at all. This problem is compounded by the fact that development and QA professionals typically have little or no security expertise and do not fully understand how to fix the issues. AppScan 7.0 was developed to solve these problems and features more advanced application vulnerability scanning and increased testing process automation, in addition to a range of new features to help organizations understand and act upon the web security vulnerabilities found. It provides unmatched visibility and control for security professionals and penetration testers, and introduces root cause identification and communication features to provide developers with logical instructions on how to not only find and fix issues, but also learn from the process.

AppScan 7.0 highlights include:

Enhanced Automation to Further Improve Productivity:

* Privilege Escalation Testing - AppScan 7.0 is the only solution to automate the manually intensive task of testing an application's authorization model. The AppScan Privilege Escalation Testing exposes vulnerabilities that make protected resources available to unauthorized users. Before AppScan 7.0, this task could take days to conduct manually - now it can take minutes. Internal Watchfire studies have shown an 88% reduction in effort when AppScan 7.0 is used to test an application's authentication policy.

* Two-Factor Authentication Support - AppScan is the only solution to support the use of complex authentication procedures in web applications. When AppScan detects that a complex authentication login is required, it will suspend the scan while maintaining the session state, and prompt the user to complete the authentication process. Without this capability, web application scanners are kicked out of session, resulting in poor application coverage and increased false positives. Supported authentication methods include two-factor authentication, CAPTCHA, stepped authentication, one-time passwords, USB keys, smartcards and mutual authentication.

New Ability to Action and Communicate Critical Vulnerabilities:

* Validation Highlighting & Reasoning - AppScan 7.0 is the first solution to provide the combination of test validation highlighting, reasoning and difference to demonstrate and explain vulnerabilities. Other scanning solutions hide their testing and reasoning, making it difficult to identify each issue's root cause. Watchfire has opened AppScan to highlight exactly what issue was detected in which web site response, why it was detected and how it was detected--providing immediate and unmatched transparency which enables the user to efficiently understand the root cause of each vulnerability, communicate it to developers and then initiate the remediation process.

* Identifying the Root Cause of Vulnerabilities - AppScan was the first solution to provide actionable results for developers, with a remediation view that enabled developers to understand the root cause of the problem, not just the symptom. Now, AppScan 7.0 goes even further by providing more automation, control and visibility for security professionals and penetration testers.

"We work closely with our customers and partners to understand their security needs and how we can prioritize our efforts to support their success. We've focused upon the breadth of our solutions to ensure the widest application scanning ability, and integration with key technologies in our space. The market responded by adopting our AppScan technology for deployment across nearly a third of the global market," said Peter McKay, president and CEO, Watchfire. "AppScan 7.0 expands on its core capabilities of vulnerability identification and remediation of developer tasks by empowering the security professional with more automation, visibility and control over web applications' security processes, and the developer with a better understanding of the root cause and how to fix the issues."

AppScan Reporting Console: Facilitating better understanding, management and control

Also announced today is Watchfire's new AppScan Reporting Console, a powerful web-based management and reporting dashboard that can be used to manage multiple desktop versions of AppScan as a cost-effective means to establish process and manage security across the enterprise.

As a complement to AppScan 7.0, the Reporting Console empowers users with a means to set and manage scan permissions across multiple AppScan desktops, and distribute web-based vulnerability reports across the enterprise, arming users with metrics and explanations of where vulnerabilities are found and how to fix them. Users are able to consolidate application security scan results and create a central repository of the company's web application vulnerabilities in order to establish policy and process for managing remediation. This gives administrators more control over assignment of tasks, the ability to track remediation progress, and generate/distribute a wide variety of customized reports. Users can also leverage the Issue Management features in the Reporting Console to ensure they are tracking vulnerabilities from detection through to remediation.

For more information, visit the following link to see the AppScan Reporting Console press release: http://www.watchfire.com/news/releases/11-06-06b.aspx

"Identifying and fixing security issues piecemeal isn't enough. Today's attacks invariably exploit the same core vulnerabilities, because it's difficult for organizations to successfully integrate security capabilities within the software development lifecycle," said Charles Kolodgy, research director, Security Products at IDC. "To solve this problem, security professionals need more power and control which can be available from sophisticated and automated scanning capabilities. Developers need direction on how to fix security defects in software applications, in tandem with logic behind why vulnerabilities exist. For strong risk mitigation associated with web application security, organizations should invest in automated solutions that lend more visibility for both auditors and developers to identify, communicate, and remediate these critical issues."

AppScan 7.0 continues Watchfire's commitment to make the security professional more successful, with even more automated capabilities, granular control, more open visibility and enhanced user interface functionality for powerful and efficient use. The ability to generate actionable reports provides penetration testers and security professionals with a stronger offering to provide their clients, and by leveraging the new AppScan Reporting Console, security professionals and developers can further leverage new levels of enhanced communication and sharing of information across the organization that were previously only available with Watchfire's enterprise product.

Watchfire continues to provide complete vulnerability scanning for modern and complex web sites, with broad web services scan coverage, extended AJAX support and ability to scan even the largest enterprise web properties. The industry's most comprehensive compliance reporting solution, AppScan includes more than 34 out-of-the-box compliance reports, including the latest Payment Card Industry (PCI) 1.1 compliance update. For more information, including technical features and details, please visit: http://www.watchfire.com/resources/appscan70-overview.pdf

Watchfire Introduces OnDemand Training

Watchfire has also introduced a new suite of computer based training solutions in support of AppScan 7.0 and AppScan Reporting Console, facilitating user expertise in web application security. Leveraging a decade of expertise and best practices developed from hands-on customer deployments in many of the world's most challenging and complex websites, Watchfire has packaged a new suite of training offerings to give customers the knowledge they need to succeed. The convenient self-paced computer based training (CBT) modules provide everything from basic web application security to specific advanced use of AppScan. These modules can be reviewed at any time for refresher training, providing knowledge on demand. Watchfire experts are also available for application scanning assistance.

Pricing and Availability

AppScan 7.0 will be generally available for download on November 20, 2006. Pricing for AppScan 7.0 starts at $14,400. To register to evaluate AppScan 7.0 when it's available on November 20, please visit: https://www.watchfire.com/securearea/appscan.aspx

About Watchfire

Watchfire provides Online Risk Management software and services to help ensure the security and compliance of websites. More than 800 enterprises and government agencies, including AXA Financial, SunTrust, HSBC, Vodafone, Veterans Affairs and Dell rely on Watchfire to audit and report on issues impacting their online business. Watchfire has been the recipient of several industry honors including the HP/IAPP Privacy Innovation Award, InfoSecurity Product Guide's Hot Security Company 2006, Computerworld's Innovative Technology Award, and "Recommended" rating by Computer Reseller News. Watchfire was named by IDC as the worldwide market share leader in web application vulnerability assessment software. Watchfire's partners include IBM Global Services, PricewaterhouseCoopers, Sapient, Microsoft, Interwoven, WebTrends, EMC Documentum and Mercury. Watchfire is headquartered in Waltham, MA. For more information, please visit www.watchfire.com.

Watchfire, WebXM, AppScan, PowerTools, the Bobby Logo and the Flame Logo are trademarks or registered trademarks of Watchfire Corporation. All other products, company names, and logos are trademarks or registered trademarks of their respective owners.
COPYRIGHT 2006 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2006, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Publication: Business Wire
Date: Nov 6, 2006
Words: 1477