
Watchfire Releases AppScan Enterprise 5 with QuickScan for Developers; First Web-based Solution to Extend Application Security Testing Capabilities Throughout Development.


Watchfire Innovation Redefines Application Security Industry with First One-Click Vulnerability Scan, Advanced Source Code Analysis Integration, New Computer Based Training Curriculum and More

WALTHAM, Mass. -- Watchfire, the market share leading provider of application vulnerability assessment software and services, today announced AppScan Enterprise 5. Based on next-generation technology, this new version further strengthens the power of the industry's only web-based application security solution for security professionals, and now extends its utility to include a new point and shoot testing tool called QuickScan and integrated Computer Based Training to accelerate the adoption of security testing by QA and development teams.

Current techniques to integrate security testing into the Software Development Lifecycle (SDLC) are failing. Companies are either relying on an overburdened security team to test applications late in the cycle, when fixes are the most costly, or they're throwing complex tools at QA and development teams expecting them to master security testing with no formal processes and training. Today, Watchfire introduces a powerful new approach to solving this problem and to increase adoption of security testing in both QA and development. Companies need a more complete program for introducing, then optimizing application security testing over time. A program that incorporates user training, testing tools tailored to the unique needs of specific SDLC stakeholders - security, QA, and development, and ongoing services and support. Watchfire calls this program Fanatical Success(TM). (Visit http://www.watchfire.com/news/releases/02-20-07b.aspx to see today's Fanatical Success press release.)

"Organizations are struggling with how to integrate security testing with their SDLC," said Jim Routh, CISO, Depository Trust & Clearing Corp. "What Watchfire understands is that it's not just about arming developers with robust vulnerability scanning tools. It's about providing developers with both accessible technology and accessible education. Only through this combination will developers begin to incorporate vulnerability assessment results into their application development process."

QuickScan for Developers

With the release of AppScan Enterprise 5, and the introduction of QuickScan, Watchfire's vision for providing simplified security testing tools for developers is realized. QuickScan has been tailored specifically to meet developers' unique needs. With QuickScan, developers do not have to be security experts to scan applications for security vulnerabilities. Because there is no configuration required or desktop software to install, developers just point and shoot the web-based QuickScan at their application. Results are presented in a "Developer Task List" format enabling non-security users to rapidly understand what exactly needs to be fixed in order to make the application secure. QuickScan relies on administrator-defined scan templates, so while shielding developers from unnecessary complexity, QuickScan affords security teams with the centralized controls they demand.

"The industry is in wide agreement now that security testing must be built into the SDLC, but too often companies mistakenly throw complex security solutions at developers as the answer," said Michael Weider, CTO of Watchfire. "It's simply not feasible to expect developers, who are already overtaxed with go-to-market pressures, to take on the role of security experts too. QuickScan was designed to give developers a hassle-free scanning solution that helps ensure adoption and makes vulnerability assessments a permanent part of the application development process."

OnDemand, Computer Based Training

Computer Based Training is an ideal way to educate non-security professionals, like developers, on application security fundamentals and product best practices. As a result, AppScan Enterprise 5 delivers integration with Watchfire's self-service, self-paced training program. Customers now have access to a Training dashboard within AppScan Enterprise 5, where team leaders and executives are able to monitor adoption rates and employee progress by viewing enrollment information, course completion rates and test results. The Training dashboard even provides the ability to correlate training activity levels with vulnerability data for specific business units--fostering healthy competition within organizations to improve application security.

Today, in support of its Fanatical Success program, the company also rolls out new Computer Based Training curriculum tailored specifically for developers, with courses that include "The Importance of Secure Coding;" QA professionals, with courses that include "Understanding and Verifying Scan Results;" and security auditors, with courses that include "How to Create Custom Security Tests." Since the launch of its Computer Based Training program late last year a significant number of Watchfire sales have included enrollment.

Advanced Source Code Analysis Integration

In addition to a full technology refresh that brings improved scanning, updated architecture, enhanced usability and more, AppScan Enterprise 5 also delivers the ability to automatically correlate application vulnerabilities with source code issues uncovered by Fortify Software's SCA Suite. The precision of correlated scan results simplifies developers' workloads by eliminating the burden of having to weed through voluminous code scan results trying to ascertain what issues to fix. With improved visibility into high priority issues, developers are able to more efficiently triage and remediate security vulnerabilities within the development phase of the SDLC. The Watchfire Fortify alliance unites the market-leading black box and white box scanning products, creating a best-of-breed solution for customers.

Highlights of AppScan Enterprise 5's Next Generation Architecture:

* Advanced scanning capabilities that find vulnerabilities associated with the latest Web 2.0 technologies such as AJAX, as well as advanced JavaScript and Flash

* Manual Explore and Recorded Login features to ensure successful site navigation and complete crawling

* More flexible reporting framework with enhanced searching, grouping and filtering

* More granular controls to lock down scanning and report access so sensitive security data is only available to those who truly need it

* Complete technology refresh with cleaner architecture and improved customization capabilities

* Brand new graphical user interface, providing ease of use for developers

About Watchfire

Watchfire is the leading provider of web application vulnerability assessment software and the only company to offer an end-to-end solution including intelligent fix recommendations to evaluate, understand and resolve issues. More than 800 enterprises and government agencies, including AXA Financial, SunTrust, HSBC, Vodafone, Veterans Affairs and Dell rely on Watchfire to identify, report and help remediate security vulnerabilities. Watchfire has been the recipient of several industry honors including: winning an unprecedented three out of five 2007 SC Magazine Excellence Awards (including Best Security Company); the HP/IAPP Privacy Innovation Award; Computerworld's Innovative Technology Award; finalist for the pending Dr. Dobb's 2007 Jolt Product Excellence Awards; and "Recommended" rating by Computer Reseller News. For two years in a row, Watchfire has been named by IDC as the worldwide market share leader in web application vulnerability assessment software. Watchfire's partners include IBM Global Services, Fortify, PricewaterhouseCoopers, Sapient, Microsoft, Interwoven, EMC Documentum and Mercury. Watchfire is headquartered in Waltham, MA. For more information, please visit www.watchfire.com.

Watchfire, WebXM, AppScan, PowerTools, the Bobby Logo and the Flame Logo are trademarks or registered trademarks of Watchfire Corporation. All other products, company names, and logos are trademarks or registered trademarks of their respective owners.
COPYRIGHT 2007 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2007, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.


Article Details
Publication:Business Wire
Date:Feb 20, 2007
Words:1116