|
|||||||||||||||||||||||||
|
|||||||||||||||||||||||||
|
Watchfire Releases Industry's Most Extensible and Customizable Web Application Vulnerability Testing Solution and Launches New Open Source Community for Developing New Scanning CapabilitiesApril 17, 2007; 02:22 AM Today’s changing market requires flexibility. AppScan 7.5 is the first product in the industry to make the technical leap from just a scanning tool to a security testing platform, cementing web application security to all parties involved in application creation. AppScan can now address application security vulnerabilities for users across the entire Software Development Life Cycle (SDLC), from non-security professionals to the most serious power user. Coupled with today’s introduction of AppScan QA, (http://www.watchfire.com/news/releases/04-16-07b.aspx) designed to simplify security testing for development and quality assurance teams; Watchfire completes its vision of integrating web application security throughout the SDLC. ”Jyske Bank A/S insists on secure web applications that protect the confidential information and assets of our customers,” said Dennis Panduro Rand, IT-security & Compliance, Jyske Bank A/S. “AppScan is currently one of the best solutions on the market to address our large and very complex web applications. It has become an integrated component of our implementation process for developers. We use AppScan to verify the security of our applications and are excited about the flexibility and the new and powerful advancements in AppScan 7.5 as our security testing requirements continue to grow. The new AppScan eXtensions Framework is a significant distinction for AppScan and represents an important step forward, further building on the overall productivity and capability. This gives us the strength to develop tools and scripts that directly connect with the AppScan SDK.” AppScan eXtensions Framework Extends AppScan Feature Set AppScan 7.5 introduces a revolutionary new AppScan eXtensions Framework (AXF) that allows users to extend the AppScan feature set. AXF gives users the ability to create anything from a minor utility that performs simple tasks, to a full blown application that performs many complex actions, all based on AppScan data or functionality. By leveraging the potential that AXF provides, users can customize AppScan to meet their exact needs by using or creating their own eXtensions. “With AppScan 7.5, Watchfire has really opened up the full power of the AppScan engine to our users,” said Michael Weider, founder and chief technology officer of Watchfire. “With a customer base that makes up nearly a third of the global market share, our customers have great ideas on how to customize AppScan to even better address the unique challenges they face on the front lines of security every day. Watchfire's eXtensions community and website is all about innovation. Our customers can now create and share their own extensions, and collaborate together on new ways to leverage the new open flexibility of AppScan.” Samples of AppScan eXtensions immediately available for download today include:
Watchfire Involves Web Application Security Community Also today, Watchfire launched its AppScan eXtensions Framework community website (http://axf.watchfire.com) to facilitate this collaboration. The AppScan eXtensions Framework community is a new online destination where Watchfire users can exchange extensions developed to solve specific security testing challenges, and its open nature allows them to build upon each others work. Watchfire’s development team, customers and select partners have developed several new extensions as well as functional extensions to further extend AppScan’s capability. AppScan users—which comprise nearly one-third of the global market share for web application security scanning—are invited to submit their own extensions. All third-party extensions submitted to the site will be governed by the open-source Apache License, version 2.0. Pyscan Automates Manual Testing For further flexibility and automation, AppScan 7.5 offers Pyscan for real-time, targeted testing in the Python scripting language. Python scripts are a popular tool for penetration testers to complement automated tools with manual testing efforts. Now Pyscan provides a full integration of Python scripting within AppScan’s configuration framework to combine those manual efforts with the benefits of automated security testing to reduce testing efforts. Through Pyscan, the user can harness core web application scanning functions such as the AppScan Advanced Session Management, reporting and scanning engine to customize a scan to a specific audit. By merging AppScan and Python scripting, Watchfire customers witness a “turbo” effect by automating more manual testing tasks, improving accuracy of those tests, saving testing time and enjoying new capabilities previously not available through manual checks alone. “AppScan 7.5 is an expert application security auditor’s dream,” said James Landis, Application Security Practice Manager at FishNet Security. “The exposure of the scanning engine to the Python scripting environment will speed up the many tedious tasks that in the past had to be done by hand or with inefficient third-party code. Watchfire's emphasis on organization of findings around the remediation effort will help companies transition from bug-finding and not knowing how to address the problems to successful reduction of business risk.” In addition to AppScan eXtensions, Watchfire’s AXF community portal will also host Pyscan script functions. Samples of new scripted capabilities now available to AppScan users include:
“Python scripting is often used by penetration testers, and as a group we are always looking for non-restrictive ways to further adapt and extend our techniques. With its new Python scripting functionality in Pyscan, plus the AppScan eXtension Framework, AppScan now provides ways for us to automate some of our application security testing requirements and provides limitless possibilities for penetration testers. It is truly an enabling product for us,” said Konstantinos Karagiannis, Senior Ethical Hacking Consultant, BT INS. Additional AppScan 7.5 Enhancements: Beyond AppScan eXtensions Framework and Pyscan capabilities, which extend the flexibility and customizability of AppScan, AppScan 7.5 includes a number of enhancements to improve performance, accuracy, usability and reporting functionality. Featuring native Windows Vista™ support, AppScan offers a new welcome screen, with immediate access to pre-defined scans to simplify basic processes. Watchfire continues to provide complete vulnerability scanning associated with the latest Web 2.0 technologies and includes enhanced AJAX support, (complete with custom-tailored handling and testing of parameters of the JSON protocol and Web Services, the dominant protocols in AJAX) as well as advanced JavaScript and Flash. The industry's most comprehensive compliance reporting solution, AppScan includes 40 out-of-the-box compliance reports, including the latest Payment Card Industry (PCI) compliance update and new NERC and Basel II support. Additional functionality added in AppScan 7.5 includes:
Pricing and Availability Watchfire AppScan 7.5 is immediately available. Pricing for AppScan starts at $14,400. For more information and to download an evaluation copy please visit: https://www.watchfire.com/securearea/appscan.aspx The AppScan eXtensions community is also live with today’s launch and can be accessed at http://axf.watchfire.com. About Watchfire Watchfire is the leading provider of web application security software and the only company to offer an end-to-end solution including intelligent fix recommendations to evaluate, understand and resolve issues. More than 800 enterprises and government agencies, including AXA Financial, SunTrust, HSBC, Vodafone, Veterans Affairs and Dell rely on Watchfire to identify, report and help remediate security vulnerabilities. Watchfire has been the recipient of several industry honors including: winning an unprecedented three out of five 2007 SC Magazine Excellence Awards (including Best Security Company); the HP/IAPP Privacy Innovation Award; Computerworld’s Innovative Technology Award; winner of the Dr. Dobb’s 2007 Jolt Product Excellence Awards; and “Recommended” rating by Computer Reseller News. For two years in a row, Watchfire has been named by IDC as the worldwide market share leader in web application vulnerability assessment software. Watchfire’s partners include IBM Global Services, Fortify, PricewaterhouseCoopers, Sapient, Microsoft, Interwoven, EMC Documentum and Mercury. Watchfire is headquartered in Waltham, MA. For more information, please visit www.watchfire.com. Watchfire, WebXM, AppScan, PowerTools and the Flame Logo are trademarks or registered trademarks of Watchfire Corporation. All other products, company names, and logos are trademarks or registered trademarks of their respective owners. |
Copyright © 1998 - 2018 DevStart, Inc. All Rights Reserved |