Sanctum and Mercury integrate security, QA tools
Web application security software vendor Sanctum Inc., Santa Clara, Calif., has
announced a partnership with Sunnyvale, Calif.-based Mercury Interactive Corp.
to integrate security testing tools into the QA environment.
The two companies worked together for more than a year on the integration,
according to Diane Fraiman, Sanctum's senior vice president. ''We did this so we
could provide a truly seamless environment where the security tests were an
integral component to the Mercury Interactive user in the same way that their
functionality tests and performance tests were.''
AppScan QA for TestDirector, the product resulting from the integration of
Sanctum's AppScan into Mercury's TestDirector, is designed not only for
traditional QA engineers but for developers as well, said Sanctum CTO Steve
''The Mercury TestDirector user can configure and execute security tests from
the same Web-based console that they configure and execute functional,
performance and manual tests,'' he said. ''The user receives a set of results
showing security defects.''
The defect report tells the QA engineer where the defect is located, what
caused it and offers ''fix recommendations'' that can then be posted to a defect
database that developers can access, Orrin said.
''The developers who get the information about the defect as part of the
normal application life-cycle process have all the information they need to
remediate the defect,'' he noted.
Fraiman noted that the defect information and fix recommendations are in a
language that developers and managers can understand, so they do not have to
become security experts to find and fix security loopholes in their
The hope is that developers will be able to solve security problems early in
the development life cycle rather than having them caught after the application
is on the Web, she added.
Rich Seeley is Web Editor for Campus Technology.