Watchfire Unveils Web Security Solutions

Watchfire has released AppScan 7.6, the latest installment of its application vulnerability analysis tool, and has rolled out a debut of AppScan OnDemand, a service for checking the security exposure of Web applications.

The new AppScan 7.6 release is geared to further automate application security testing for in-house software deployment. New features in the latest release, available now for $14,400, include:

  • PHP fix recommendations that help developers address issues on the PHP platform, as well as ASP.NET and J2EE.
  • A new SQL Injection Exploit extension available from that attempts automatic extraction of database tables to detect dangerous SQL injection vulnerabilities.
  • A Developer Essentials Test Policy to help developers optimize Web application security.
  • Forty-one out-of-the-box compliance reports, such as the new National Institute of Standards and Technology 800-53 and the latest Open Web Application Security Project Top Ten 2007, along with a new AppScan Reporter for Microsoft PowerPoint extension for creating presentations of scan results directly into PowerPoint.

The new AppScan OnDemand service caters to firms with minimal or no application security knowledge, as well as to firms checking the security of business partner apps. The OnDemand service comes in three tiers, starting at $5,000, with the following options:

  • Basic vulnerability assessment. An option to check simple applications, in which Watchfire staff run AppScan, analyze the results and offer recommendations.
  • Comprehensives service. An option offered for medium-to-large apps with a large degree of user access. Watchfire specialists scan via AppScan and then manually test and exploit their findings.
  • Advanced service. An option that combines a comprehensive security test and manual testing to put massive, intricate applications through their paces.

About the Author

David Kopf is a freelance technology writer and marketing consultant, and can be reached at [email protected].