SPI's DevInspect Tools Secure Microsoft AJAX

SPI Dynamics is collaborating with Microsoft to provide security tools for applications built using ASP.NET AJAX (code-named "Atlas"). When it is released on December 1, DevInspect 3.0 will become one of the first dev tools to analyze and remediate vulnerabilities in Atlas-based applications.

DevInspect 3.0 with ASP.NET AJAX support is designed to provide an automated, secure coding framework for Atlas developers. Its features include security analysis and automated vulnerability remediation of apps built with ASP.NET 2.0 AJAX Extensions, including partial-page-rendered content within UpdatePanel controls. It also offers runtime script interpretation and security analysis of the Microsoft AJAX Library, the cross-browser, and a cross-platform script library that is available as part of ASP.NET AJAX Extensions. In addition, the tool supports discovery of ASP.NET AJAX Web services calls and in-depth security analysis of underlying JSON and SOAP Web services.

"AJAX is not insecure in and of itself," says Jason Schmitt, SPI's Group Product Manager. "But because people are adopting a lot of different and diverse AJAX libraries, and even coding it themselves, heavily in JavaScript and heavily in client-side code, they're making old mistakes in new ways."

He continues, "The way Microsoft is baking Atlas into ASP.NET, [applications are] sitting on top of a framework that addresses security in a lot of different way. The same mistakes can still be made, but there's less of a chance of that with Atlas."

DevInspect 3.0 for Microsoft Visual Studio Team System, is also set for release on Dec. 1. This defect-tracking-and-configuration management product is tightly integrated with the VS Team System to enable developers to share data about security defects with the entire dev team. DevInspect is currently available in an integrated offering for Microsoft Visual Studio 2003 and Visual Studio 2005.

SPI Dynamics has been working with Microsoft for some time, Schmitt says, focusing primarily on the Atlanta-based company's developer products. SPI (pronounced "spy") is a Microsoft Gold Certified Partner and a member of Microsoft’s Partner Advisory Council of the Visual Studio Industry Partner Program.

About the Author

John K. Waters is a freelance writer based in Silicon Valley. He can be reached at [email protected].