Leading Automated Security Tool Embedded within Major Developer Platforms to Help Developers Create Secure Applications
Santa Clara, CALIF. June 17, 2003 -
Sanctum, Inc., the established leader in automated Web application security firewall
and testing software, today announced the general availability of AppScan Developer
Edition (DE) 1.7, the only automated testing tool for building secure, quality
applications within Microsoft .NET Framework or Java development environments.
Already integrated into Microsoft Visual Studio .NET, the latest version of
AppScan DE now extends secure application development to major Integrated Development
Environments (IDEs), including: Microsoft Visual Studio .NET 6.0, Borland
JBuilder, IBM WebSphere Studio Application Developer and Eclipse. AppScan DE
provides 'Developer Centric' specific fix recommendations, enabling users to
consistently detect and fix defects in-line with their current development process
and as a result, provides an effective real-time training tool that promotes secure
coding practices. With AppScan DE, enterprises are equipped with the tool and training
to drive secure Web applications from development to deployment more quickly and cost
effectively than ever before.
"Borland is focused on the complete application lifecycle management paradigm.
As development teams strive to build better software faster, making security a natural
integrated part of the application development process is key to building robust
enterprise scale solutions," commented Frank Slootman, senior vice president
of software products at Borland Software Corporation. "Quickly identifying and
responding to security optimization needs at the development stage reduces risk.
Sanctum's offerings can help to provide important time to market gains."
"The acceleration of new Web-based applications calls for automated tools.
With AppScan DE, developers have access to an integrated tool that makes secure code
an attainable goal so customers can receive quality applications on time," said
Charles Kolodgy, Research Manager, Security Products, IDC. "By delivering a security
testing tool tailored specifically to developers' needs, Sanctum provides a standard
for baking security into developers' code. Because fixing security bugs in production
software is so expensive, we believe that tools like this will be a driving force
in creating better, more secure, more reliable software across .NET and
Java platforms."
According to a 2002 study by the National Institute of Standards and Technology (NIST),
buggy software costs the national economy $60 billion, more than a third of which
could be saved through improved software testing alone. AppScan DE is the only automated
testing tool integrated within the developer's standard workflow that simplifies
security unit testing through automation, empowering developers to create quality
applications that are secure from inception. AppScan DE redefines quality
by enhancing current functionality and performance requirements with security.
Available as a plug-in for major Java IDEs, as well as fully integrated into
Microsoft Visual Studio .NET 2003 as a project, AppScan DE delivers comprehensive
defect analysis with built-in application intelligence. With automated precision
script creation, AppScan DE enables reliable and repeatable security unit testing,
and encourages real-time training on security testing and secure coding techniques
for developers. By reducing development cycles and associated downtime of security
defects, AppScan DE means applications are deployed faster, at a lower cost,
helping enterprises dramatically improve overall QA and development resources.
"Delivering quality applications to the market has become a mandatory requirement,
as enterprises have learned that the cost of fixing defects after deployment
is almost fifteen times greater than detecting and eliminating them during
development," said Steve Orrin, CTO of Sanctum, Inc. "Large enterprises require
the tools and training for their developers on both .NET Framework and Java platforms
to add security testing to the current performance and functionality testing that
has been required up to now. AppScan DE is the first integrated tool for
both independent developers and enterprise-wide adoption that encourages secure
coding throughout the application lifecycle across multiple IDEs."
AppScan DE 1.7 key features include:
- Native Plug-In—tests applications built in both Java/J2EE and Microsoft environments, including JBuilder 8 and 9, Visual Studio 6.0, WebSphere Studio Application Developer 5.0, and Eclipse IDE 2.0/2.1. Uses IDE-specific user interfaces to configure and launch AppScan security testing from within the major IDEs.
- Integration with Microsoft Visual Studio .NET 2003—AppScan DE is seamlessly integrated into Visual Studio .NET and Visual Studio .NET 2003, allowing users to stay within the IDE without disruption or disjointed processes. It tests applications built with all languages supported by Visual Studio .NET, including Microsoft Visual C# .NET, Microsoft Visual C++ .NET, Microsoft Visual Basic .NET, and Microsoft Visual J# .NET.
- Multiple Test Modes—customizable configuration settings enable efficient security testing as part of the development cycle.
- Multiple Language Support—single click scan automatically tests Web applications written in any language supported by IDE used to develop Web applications including C#, C++, VB, Java, EJB, HTML, etc., and compatible with both J2EE and .NET environments.
- Real-Time Analysis—provides analysis and specific code examples for fix recommendations in real time, in-line with the development process. Users can configure test runs simply and quickly with automatic navigation to affected files. The results are date and time stamped and stored logically for quick and easy access.
- 'Developer Centric' Results and Recommendations—analytical tools simplify communicating results with developers, enabling users to view test results and HTTP request details to easily edit and configure reports. Developer-specific vulnerability advisories provide specific fix recommendations and sample code for both .NET and Java environments.
Pricing and Availability
AppScan DE is available immediately, directly through Sanctum's eStore at www.SanctumInc.com,
through Programmer's Paradise at www.programmersparadise.com, or under an enterprise
license directly from Sanctum. AppScan DE has a retail price of $1495.00.
With the introduction of AppScan DE in February 2003, Sanctum has announced
a promotional price of $995.00 through August 1, 2003.
About Sanctum, Inc.
Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. is the
recognized leader for Web application security solutions. Sanctum software solutions
provide automatic enforcement of intended business processes, ensuring the protection
of core information and data. By detecting and defending against any unauthorized
behavior, Sanctum protects customers against malicious cybercriminal activity, from
theft of intellectual property and customer data, to e-commerce fraud and Web site
defacement, even if a site has unknown security holes or flaws. Sanctum's solutions
complete a company's security infrastructure, assure regulatory compliance and create
sustainable ROI. Sanctum's customers include industry leaders in finance, retailing,
healthcare, government and telecommunications. Privately held, Sanctum is funded by
blue-chip venture capital firms and industry leaders including Sprout Group, Dell,
Gemini Israel Funds, Fidelity Ventures, Wachovia Strategic Ventures Group,
Mofet Israel Technology Fund and Walden Israel.
For more information, visit
www.SanctumInc.com
or contact the Company directly at (408) 352-2000.
AppScan and AppScan DE are trademarks of Sanctum, Inc. All other product names
referenced are the property of their respective owners and are hereby acknowledged.
For Immediate Release
Contact:
Diane Fraiman
Sanctum, Inc.
(408) 352-2000
[email protected]
Tara Dugan or Sarah Thornton
(415) 512-0770
[email protected]