iApplianceWeb.com


Sanctum Tool Tests Web Application Security

By Bernard Cole
iApplianceWeb
(09/30/02, 11:40:00 PM EDT)

Santa Clara, Ca. -- Sanctum Inc. on Monday made available AppScan 3.5, a new Web-security testing tool optimized for testing enterprise apps.

Based on the company's "Site Smart" technology, it learns the unique behavior of each Web application and builds a customized vulnerability assessment scan to drive precision testing throughout the application lifecycle. It tests both customer and third-party applications for application-specific vulnerabilities (ASVs), common Web vulnerabilities (CWVs) and .NET framework vulnerabilities.

A study by IBM's System Sciences Institute found that the relative cost of fixing defects after deployment is almost seven times greater than detecting flaws and eliminating them during testing. Web applications -- the target of 80 percent of all hacks, according to Gartner -- continue to expose the most costly and serious security defects. As the market demand for high-quality applications increases, security is quickly becoming a vital parameter in the QA testing process.

As a standalone application running on Microsoft Windows 2000, AppScan learns the unique business logic of the application on the fly and creates a dynamic scan to obtain the most comprehensive Web application vulnerability assessment.

Exploring a site like a hacker would, AppScan tests for application-specific vulnerabilities such as SQL injection, cross-site scripting and parameter tampering; common Web vulnerabilities for third-party applications; and .NET framework vulnerabilities. Once the assessment is complete, the program provides customized, detailed reports that include actionable recommendations for how to fix known and unknown vulnerabilities.

Key features of the program include the ability to intelligently detect both CWVs and ASVs with less than one percent false positives/negatives; recording of transaction processes for regression testing, with the information stored as XML for easy modification; exploration of a site's JavaScript, identifying potentially dangerous content and testing the embedded links; and scan scheduling, which allows users to schedule one-time, regular and concurrent tests by triggering scans to run at optimal times of the day or week.

In addition, AppScan explores application vulnerabilities found in .NET services, including new types of XML-related vulnerabilities, cross-site scripting and advanced SQL injection attacks, and provides actionable results for each vulnerability.

Available now, AppScan 3.5 costs $15,000 for an annual unlimited-use subscription license.

For more information, go to www.sanctuminc.com




Copyright © 2004 Appliance-Lab