November 7, 2006; 05:47 AM
S.P.I. Dynamics, Inc. (http://www.spidynamics.com/), the leading provider of Web application security testing software and services, announced that the company, in close collaboration with Microsoft, is the first Web application security vendor to provide support for Microsoft ASP.NET 2.0 AJAX Extensions (formerly code-named "Atlas") in its latest release of the company's integrated developer product, DevInspect 3.0. DevInspect is the first security product to analyze and remediate security vulnerabilities in Web applications built using ASP.NET AJAX.
"As technology such as AJAX aggressively evolves to increase the positive experience of users on the Web, Microsoft maintains a focused commitment to improving application security," said Brian Goldfarb, group product manager of the Web Platform and Tools Group at Microsoft Corp. "SPI Dynamics has worked with Microsoft and the ASP.NET AJAX team to raise awareness of application security issues and deliver developer security solutions that assist in the development of more secure software through the Microsoft Visual Studio platform."
The company also announced today the release of DevInspect 3.0 for Microsoft Visual Studio Team System integrated defect tracking and configuration management product. The tight integration of DevInspect with Visual Studio Team System enables developers to share data about security defects with their entire development team. DevInspect is also currently available in an integrated offering for Microsoft Visual Studio 2003 and Visual Studio 2005 and SPI Dynamics is a Microsoft Gold Certified Partner and a member of Microsoft's Partner Advisory Council of the Visual Studio Industry Partner Program.
"SPI Dynamics continues to lead the market with cutting-edge Web application security solutions and research that address the future of applications. The release of DevInspect 3.0 with ASP.NET AJAX support and integration with Microsoft Visual Studio Team System is another example of our close ongoing relationship with market leaders like Microsoft to provide an infrastructure that encourages more secure software production throughout the application lifecycle," said Brian Cohen, president and CEO, SPI Dynamics. "Our continued goal is to assist development, QA and operations teams in the facilitation of a secure development process by providing the necessary integrated tools that meet their growing needs and result in risk reduction for the entire organization at the most critical layer - the Web application."
DevInspect provides a powerful automated secure coding framework for software developers, and offers the following features for security analysis and vulnerability remediation of security defects within ASP.NET AJAX applications:
- Thorough security analysis and automated vulnerability remediation of
ASP.NET 2.0 AJAX Extensions applications, including partial page
rendered content within UpdatePanel controls.
- Runtime script interpretation and security analysis of the Microsoft
AJAX Library, the cross-browser and cross-platform script library
available as part of ASP.NET AJAX Extensions.
- Discovery of ASP.NET AJAX Web services calls and in-depth security
analysis of underlying JSON and SOAP Web services.
SPI Dynamics' DevInspect also offers the following benefits for Visual Studio Team System:
- Facilitates Development Lifecycle Collaboration - Enables developers to
manage and share security information through vulnerability work item
management and detailed vulnerability reporting, and prevents
developers from checking insecure code into the Visual Studio Team
System version control system through security code check-in policies.
In addition, enables developers with little to no security expertise to
automatically fix vulnerabilities during development and deliver secure
Web applications.
- Offers Broadened Hybrid Analysis(TM) - SPI Dynamics' unique approach to
pinpoint security vulnerabilities with unmatched accuracy and to
dramatically reduce false positives. The source code analysis phase
defines the application attack surface, identifying all application
inputs and finding common security coding errors and all potential
vulnerabilities. The black box testing phase uses the intelligence and
data from the source code analysis to discover and verify exploitable
security defects using automated attack techniques against running
applications. This black box testing phase virtually eliminates false
positives to yield the actual exploitable security vulnerabilities in
the application found during source code analysis, rather than a list
of potential problems that require manual review and validation.
Availability
SPI Dynamics' DevInspect 3.0 with ASP.NET AJAX support and integration with Visual Studio Team System will be available December 1st. For more information, please visit http://www.spidynamics.com/, or contact SPI Dynamics at (866) 774-2700; [email protected].
For more information on AJAX security threats and their impact, the following materials from SPI Dynamics are available:
- White paper - "AJAX Security Dangers" http://www.spidynamics.com/assets/documents/AJAXdangers.pdf - On Demand Webcast - "AJAX (in)security" https://download.spidynamics.com/registration/AJAX_webcast.asp About AJAX Security
AJAX (Asynchronous JavaScript and XML) continues to maintain a steady pace as the application software development technology of the Web 2.0 future. Web 2.0 is exploding and with it comes the hard push for technology that facilitates a more interactive and responsive Web that enhances the experiences of its users. This push has encouraged quick adoption by developers and enterprise organizations of AJAX technology that dramatically improves the flexibility of Web applications. However, while AJAX can greatly improve the usability of a Web application, it can also create several opportunities for possible attack if the application is not designed with security in mind.
About S.P.I. Dynamics, Inc.
Start Secure. Stay Secure.(R)
Security Assurance Throughout the Application Lifecycle
SPI Dynamics delivers a comprehensive suite of products and services (http://www.spidynamics.com/products/index.html) that help to identify and remediate Web application and Web services security vulnerabilities found at key stages throughout the Web Application Lifecycle. SPI Dynamics solutions enable security professionals, QA testers, and developers to work together to assess, analyze, and remediate Web applications and Web services for security vulnerabilities, and verify compliance with over 20 security policies like SOX, HIPAA and PCI. The Company's unique approach utilizing patent-pending Intelligent Engines(TM) technology combined with the largest Web application security vulnerability knowledgebase in the industry delivers unparalleled speed and accuracy. SPI Dynamics' research and development team, SPI Labs, is widely recognized as one of the world's leading authorities on Web application security and risk management. The Company has over 850 customers among Global 2000 enterprises, including over 90 U.S. Federal accounts, and has strategic partnerships with Microsoft, IBM, Mercury, CSC and Visa with Visa investing in the Company in 2005. SPI Dynamics is privately held with headquarters in Atlanta, Georgia. For more information on Web application security, visit http://www.spidynamics.com/ or call (866) 774-2700.
DevInspect and Start Secure. Stay Secure. are registered trademarks, and Hybrid Analysis and Intelligent Engines are trademarks of S.P.I. Dynamics, Inc. Product or service names mentioned herein are the trademarks of their respective owners.
|
PRESS BY MONTH
EDITOR'S DESK
SUBMIT PRESS
