Watchfire Introduces AppScan QA; New Edition Incorporates Crucial Quality Assurance Audience into Web Application Security Testing.


New Version of AppScan Includes Enhanced Integration with HP's Quality Center and Debuts New Integration with IBM Rational ClearQuest, Enabling QA Teams to Integrate Security as a Key Component of Their Normal Testing Process

WALTHAM, Mass. -- Watchfire, the market leading provider of web application security software and services, today announced a new quality assurance edition of the Company's flagship product, AppScan[R]. AppScan[R] QA introduces the latest web application security testing to the QA cycle, with new and enhanced integration with the industry's most popular software quality management solutions--HP (formerly Mercury) Quality Center[TM] and IBM[R] Rational[R] ClearQuest[R]. This new release complements Watchfire's web-based enterprise platform - AppScan[R] Enterprise, a solution that enables organizations to scale application security testing into QA and development via a web-based system.

Online attacks are steadily increasing and few argue that web applications present today's most significant online security threat, highlighting the increased need for ongoing web vulnerability scanning. Overburdened security teams are looking for ways to scale security testing across the software development life cycle. They are turning to QA and development teams, who are typically not security experts, to help fill the void. To be successful these groups need a simplified method of integrating security testing into their existing quality and performance testing environments. AppScan QA accomplishes this by providing a single solution that can unite QA, development and security teams under a common security testing process--to reduce the cost and effort required for QA testers to identify, understand and resolve security-related defects in web applications.

"Web application security is clearly a priority in today's market. Watchfire understands the need to make automated security testing a reality in QA, development and throughout the software development lifecycle, not just in the final audit or production stages where security professionals typically step in," said Michael Weider, founder and CTO of Watchfire. "AppScan QA simplifies web application security testing by integrating with the HP Quality Center and IBM Rational ClearQuest environments, so QA professionals can easily run pre-configured scans to identify security defects and log them, with fix recommendations, in their existing system for QA interaction with development teams."

Instead of providing complex tools to QA teams and expecting them to master security testing with no formal processes and training, Watchfire supports the transition from security team to QA by giving QA the ability to work in their existing system and process, allowing for quick and seamless adoption.

Supporting Multiple QA Use Cases within IBM Rational ClearQuest and HP Quality Center

AppScan QA offers enhanced and seamless integration with HP Quality Center. AppScan QA reduces the cost of fixing security-related defects by integrating with the testing hosts of HP's Quality Center environment, allowing users to run tests (e.g. functional, load and security) from a single console. This helps QA teams enhance their test plans to integrate security as a key component of their normal testing process. AppScan works as a QA security testing engine and users are empowered with comprehensive security defect advisories, modification and maintenance processes--in addition to detailed fix recommendations--all in easy-to-understand QA language. New features and functionality include:

* Automatic test creation, modification and maintenance processes needed to test and act on remediation of security defects;

* Centralized control for QA/developers to store and share configurations and sessions; keep information on past runs; and see progress over time;

* Browser-based interface - Scanning performed by testing hosts;

* Flexible interface - QA can choose to work within the browser-based interface, while those more comfortable working with AppScan can continue to use the solution for scan configuration, but have the tests stored and run within HP Quality Center;

* Produces detailed security defect advisories for QA personnel;

* Produces detailed defect definition for development team to allow them to quickly and thoroughly solve the problem;

* Scales to any size QA team, leveraging HP Quality Center distributed model;

* Easy administration with fast deployment, centralized control and workload distribution within existing QA systems.

Watchfire has already attained "Ready for IBM Rational software" validation for its integration of AppScan Enterprise with IBM Rational ClearQuest. This integration enables development, QA and security teams to work together using ClearQuest as a common defect tracking system that integrates seamlessly with Watchfire's web-based enterprise security solution. This ClearQuest integration provides:

* Automatic test creation, modification and maintenance processes needed to test and act on remediation of security defects;

* Centralized control for QA/developers to store and share configurations and sessions; keep information on past runs; and see progress over time;

* Browser-based interface - Scanning performed by testing hosts;

* Produces detailed security defect advisories for QA personnel;

* Produces detailed defect definition for development team to allow them to quickly and thoroughly solve the problem;

* Scales to any size team.

Harness the AppScan Engine with AppScan eXtensions

Watchfire has introduced a new QA Defect Logger eXtension, which pushes selected security defects from AppScan to customers' QA systems simply by right-clicking an issue to open a defect ticket. The tickets include all required defect information (fix recommendation, request/response, etc.) and can be edited as appropriate before sending. This new capability further expands the QA process by including gating by the security team. Users can install a plug-in to AppScan that pushes identified security issues as a defect into either the IBM Rational ClearQuest or HP Quality Center solutions.

AppScan eXtensions Framework (AXF) allows users to extend the AppScan feature set. AXF gives users the ability to create anything from a minor utility that performs simple tasks, to a full blown application that performs many complex actions, all based on AppScan data or functionality. By leveraging the potential that AXF provides, users can customize AppScan to meet their exact needs by using or creating their own eXtensions. Watchfire also introduced the AppScan eXtensions Framework community website (http://axf.watchfire.com) today as an online destination for users to facilitate collaboration and sharing of extensions.

AppScan QA provides automation to deliver predictive, reliable results, code-level fix recommendations, advanced reporting capabilities, and the ability to output results to all standard defect tracking and analysis/management systems.

"AppScan QA applies standardized testing and collaboration functions throughout development, and gives QA teams the ability to make security a core component of application quality without requiring an additional skill set," added Weider. "By delivering an integrated product that is easy for QA to use, we not only help significantly minimize security vulnerabilities and business risk, but with the value of fixing security defects early in development pegged at seven times less costly than testing after development, we're improving development efficiency and reducing overall costs as well."

About Watchfire

Watchfire is the leading provider of web application security software and the only company to offer an end-to-end solution including intelligent fix recommendations to evaluate, understand and resolve issues. More than 800 enterprises and government agencies, including AXA Financial, SunTrust, HSBC, Vodafone, Veterans Affairs and Dell rely on Watchfire to identify, report and help remediate security vulnerabilities. Watchfire has been the recipient of several industry honors including: winning an unprecedented three out of five 2007 SC Magazine Excellence Awards (including Best Security Company); the HP/IAPP Privacy Innovation Award; Computerworld's Innovative Technology Award; Winner of the Dr. Dobb's 2007 Jolt Product Excellence Awards; and "Recommended" rating by Computer Reseller News. For two years in a row, Watchfire has been named by IDC as the worldwide market share leader in web application vulnerability assessment software. Watchfire's partners include IBM Global Services, Fortify, PricewaterhouseCoopers, Sapient, Microsoft, Interwoven, EMC Documentum and Mercury. Watchfire is headquartered in Waltham, MA. For more information, please visit www.watchfire.com.

Watchfire, WebXM, AppScan, PowerTools and the Flame Logo are trademarks or registered trademarks of Watchfire Corporation. All other products, company names, and logos are trademarks or registered trademarks of their respective owners.
COPYRIGHT 2007 Business Wire
Article Details
Publication:Business Wire
Date:Apr 16, 2007