Automated Testing Tool Raises Bar for Building Quality Applications throughout Development Lifecycle
Santa Clara, CALIF. March 18, 2003 -
Sanctum, Inc., the established leader in automated Web application security firewall
and testing software, today announced the general availability of the industry's
first software product to automate security testing during real-time application
development. AppScan Developer Edition (DE) 1.5 has been fully integrated into
the widely-used Microsoft Visual Studio .NET environment, enabling application
developers to rapidly create Web applications that redefine industry standards
for quality. Functionality and performance are no longer the sole thresholds for
good software. AppScan DE brings applications to the next level, ensuring that
the final product is also secure, reducing cost and mitigating risk
for the enterprise.
"Since its public unveiling in February at VSLive!, there has been a
tremendously positive response to Sanctum's AppScan DE among the .NET Framework developer
community, and internally within Microsoft," said Mike Kass, product manager in
the Developer Platform and Evangelism Division at Microsoft Corp. "AppScan DE helps
to enforce secure coding best practices and gets development teams thinking
about security earlier in the software life cycle."
"To date, security has not been a part of the vocabulary of the application
developer who historically has struggled to balance increasing time-to-market pressures
with the production of reliable applications," said Theresa Lanowitz, Research Director,
Gartner, Inc. "Automated security testing tools fill one of the biggest voids in
the market today by allowing developers to build in security during development.
Security testing as an integrated component of enterprise development and testing
processes will enable developers to deploy quality applications in a shorter amount
of time, dramatically improving the utilization of development resources
enterprise-wide."
About AppScan DE
AppScan was designed with the qualities needed to make a developer's work more secure
without making it more complicated. AppScan DE seamlessly integrates into the Visual
Studio .NET 2003 Integrated Development Environment (IDE), and tests applications built
with any of the languages supported by Visual Studio .NET. AppScan DE can be quickly
configured to unit test any Web application for security defects directly from within
the IDE. After identifying the location of each defect, AppScan DE delivers in-line
fix recommendations, provides detailed descriptions, and enables the developer
to perform granular analyses of each test and response. AppScan DE helps make enterprise
applications resistant to attack without destroying any of their functionality, elegance
or effectiveness.
AppScan DE features include:
- Integration with Microsoft Visual Studio .NET 2003
AppScan DE is seamlessly integrated into Visual Studio .NET and Visual Studio .NET 2003, allowing users to stay within the IDE without disruption or disjointed processes. It tests applications built with all languages supported by Visual Studio .NET, including Visual C# .NET, Visual C++ .NET, Visual Basic .NET, and Visual J# .NET.
- Built-in Intelligence and Reporting
AppScan DE delivers comprehensive defect analysis with built-in intelligence. Users can view test results and HTTP request details and easily edit and configure reports.
- Automated Unit Testing
Instead of searching for security defects manually, developers and testers can use AppScan DE to detect security defects automatically as an integrated component of enterprise development and testing processes. AppScan automates the test script creation, modification, and maintenance process and ensures reliable and repeatable testing for: Cross-site Scripting, Parameter Tampering, Hidden Field Manipulation, Backdoors and Debug Options, Stealth Commanding, Forceful Browsing, Application Buffer Overflow, Cookie Poisoning, HTTP Attacks and SQL Injection.
- Real-Time Analysis
AppScan DE provides analysis and fix recommendations in real time, in line with the development process. Users can configure test runs simply and quickly, with automatic navigation to affected files. The results are date and time stamped and stored logically for quick and easy access.
"We are witness to an important period of time when the industry is demanding
better software. Billions of dollars are lost per year due to software flaws that
could have been eliminated during the application development cycle, yet until now,
the developer has not had the tools or security knowledge to create impenetrable
applications," said Steve Orrin, CTO of Sanctum, Inc. "With AppScan DE, Sanctum
is applying its years of application security expertise to a tool specifically
designed for the developer. By putting the power and flexibility of AppScan DE
into the hands of application developers, enterprises will see a significantly
reduced amount of downtime caused by security defects found during production - translating
to faster, less costly application deployment and higher quality software."
Pricing and Availability
AppScan DE is available immediately at www.sanctuminc.com. AppScan DE has a retail
price of $1,495.00. With the introduction of AppScan DE, Sanctum has announced a
promotional price of $995.00 through August 1, 2003.
About Sanctum, Inc.
Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. is the
recognized leader for Web application security solutions. Sanctum software solutions
provide automatic enforcement of intended business processes, ensuring the protection
of core information and data. By detecting and defending against any unauthorized
behavior, Sanctum protects customers against malicious cybercriminal activity - from
theft of intellectual property and customer data, to e-commerce fraud and Web site
defacement - even if a site has unknown security holes or flaws. Sanctum's solutions
complete a company's security infrastructure, assure regulatory compliance and create
sustainable ROI. Sanctum's customers include industry leaders in finance, retailing,
healthcare, government and telecommunications. Privately held, Sanctum is funded by
blue-chip venture capital firms and industry leaders including Sprout Group, Dell,
Gemini Israel Funds, Fidelity Ventures, Wachovia Strategic Ventures Group,
Mofet Israel Technology Fund and Walden Israel.
For more information, visit www.SanctumInc.com or contact the Company directly at (408) 352-2000.
AppScan and AppScan DE are trademarks of Sanctum, Inc. All other product names
referenced are the property of their respective owners and are hereby acknowledged.
For Immediate Release
Contact:
Diane Fraiman
Sanctum, Inc.
(408) 352-2000
Tara Dugan or Sarah Thornton
Schwartz Communications, Inc.
(415) 512-0770