Sanctum and Mercury integrate security, QA tools

Web application security software vendor Sanctum Inc., Santa Clara, Calif., has announced a partnership with Sunnyvale, Calif.-based Mercury Interactive Corp. to integrate security testing tools into the QA environment.

The two companies worked together for more than a year on the integration, according to Diane Fraiman, Sanctum's senior vice president. "We did this so we could provide a truly seamless environment where the security tests were an integral component to the Mercury Interactive user in the same way that their functionality tests and performance tests were."

AppScan QA for TestDirector, the product resulting from the integration of Sanctum's AppScan into Mercury's TestDirector, is designed not only for traditional QA engineers but for developers as well, said Sanctum CTO Steve Orrin.

"The Mercury TestDirector user can configure and execute security tests from the same Web-based console that they configure and execute functional, performance and manual tests," he said. "The user receives a set of results showing security defects."

The defect report tells the QA engineer where the defect is located and what caused it, and offers "fix recommendations" that can then be posted to a defect database that developers can access, Orrin said.

"The developers who get the information about the defect as part of the normal application life-cycle process have all the information they need to remediate the defect," he noted.

Fraiman noted that the defect information and fix recommendations are in a language that developers and managers can understand, so they do not have to become security experts to find and fix security loopholes in their applications.

The hope is that developers will be able to solve security problems early in the development life cycle rather than having them caught after the application is on the Web, she added.

About the Author

Rich Seeley is Web Editor for Campus Technology.