Leading Web Security Testing Tool Integrates Seamlessly into Any Application Testing Environment
Santa Clara, Calif. September 30, 2002 - Sanctum, Inc., the established
leader in Web application security software, today announced the availability of
AppScan 3.5, the leading Web security testing tool now optimized for the enterprise
application testing environment. With the introduction of AppScan 3.5, Sanctum extends
its proven Web security vulnerability assessment solution, which has been part of the
auditor's toolkit for years, to application quality assurance (QA) testers.
AppScan 3.5's 'Site Smart' technology learns the unique behavior of each Web application,
and builds a customized vulnerability assessment scan to drive precision testing
throughout the application lifecycle. Addressing the widest range of Web application
vulnerabilities, AppScan 3.5 tests both customer and third party applications for
application specific vulnerabilities (ASVs), common Web vulnerabilities (CWVs)
and .Net framework vulnerabilities.
A study by IBM's System Sciences Institute found that the relative cost of fixing
defects after deployment is almost seven times greater than detecting flaws and
eliminating them during testing. Web applications, the target of 80 percent of
all hacks according to Gartner, continue to expose the most costly and serious
security defects. As the market demand for high quality applications increases,
security is quickly becoming a vital parameter in the QA testing process.
By reducing Web application security defects before they get to production,
AppScan 3.5 allows companies to reduce the overall number of development cycles,
deploy secure applications faster, and improve the utilization of QA
and development resources to deliver an unparalleled ROI.
"Cyber-threats at the application level continue to increase," said John Pescatore,
vice president for Internet Security at Gartner. "With the increased focus on
critical infrastructure protection, integrating automated security testing tools
into the application development and testing process needs to become standard practice
for all enterprises with Internet exposure."
AppScan 3.5 brings the combination of speed, accuracy, flexibility and efficiency
to application development, QA testing and audit functions. As a standalone application
running on Microsoft Windows 2000, AppScan learns the unique business logic of
the application on the fly and creates a dynamic scan to obtain the most comprehensive
Web application vulnerability assessment. Exploring the site like a hacker would, AppScan
tests for application specific vulnerabilities such as SQL injection, cross-site scripting
and parameter tampering; common Web vulnerabilities for third party applications;
and .Net framework vulnerabilities. Once the assessment is complete, AppScan provides
customized, detailed reports that include actionable recommendations for how to
fix known and unknown vulnerabilities. The result is the most accurate Web security
testing tool in the market today.
The key new features of AppScan 3.5 include:
- Precision Testing: Automatically learns the application's structure
and business logic on the fly; intelligently detects both CWVs and ASVs with less
than one percent false positives/negatives.
- Business Process Record and Play: Records business processes for regression
testing and stores the information as XML for easy modification.
- JavaScript Explore: Provides the unique functionality of
exploring JavaScript, identifying potentially dangerous content and testing
the embedded links.
- Scan Scheduling: Allows user to schedule one-time, regular and
concurrent tests by triggering scans to run at optimal times of the day or week.
- Web Services Support: Explores application vulnerabilities found
in .NET services, including new types of XML-related vulnerabilities, cross-site scripting
and advanced SQL injection attacks.
- Detailed and Customized Reporting: Provides actionable results
for each vulnerability and allows easy report customization for specific target
audiences, including developers and executives.
"With the introduction of AppScan 3.5, application developers and QA testers
no longer have to choose between on-time application delivery and complete application
security," said Gili Raanan, senior vice president of products at
Sanctum, Inc. "Sanctum's AppScan 3.5 integrates seamlessly into any application
testing environment, while delivering the highest level of accuracy and efficiency in
assessing Web application-specific vulnerabilities. Built on proven performance
for auditors, AppScan 3.5 drives Web security at every stage of the application
lifecycle to produce the highest quality Web applications."
Availability
AppScan 3.5 is available immediately.
Webinar Event
For additional information on security within enterprise application testing, join
Sanctum CTO Steve Orrin today, September 30, at 2:00 p.m. EDT, for the
"Rush To Release - Deploying Secure Applications" Webcast. To register,
visit http://searchSecurity.com/r/0,,6022,00.htm.
About Sanctum, Inc. (www.SanctumInc.com)
Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. is the
recognized leader for Web application security solutions. Sanctum software
solutions provide automatic enforcement of intended business processes, ensuring the
protection of core information and data. By detecting and defending against any
unauthorized behavior, Sanctum protects customers against malicious cybercriminal
activity - from theft of intellectual property and customer data,
to e-commerce fraud and Web site defacement - even if a site has unknown security
holes or flaws. Sanctum's solutions complete a company's security infrastructure,
assure regulatory compliance and create sustainable ROI. Sanctum's customers include
industry leaders in finance, retailing, healthcare, government and telecommunications.
Privately held, Sanctum is funded by blue-chip venture capital firms and industry
leaders including Sprout Group, Dell, Gemini Israel Funds, Fidelity Ventures,
Wachovia Strategic Ventures Group, Mofet Israel Technology Fund and Walden Israel.
For more information, visit
www.SanctumInc.com
or contact the Company directly at (408) 352-2000.
# # #
AppScan and AppShield are trademarks of Sanctum, Inc. All other product
names referenced are the property of their respective owners and
are hereby acknowledged.
For Immediate Release
Contact:
Diane Fraiman
Sanctum, Inc.
(408) 352-2000
[email protected]
Annie Kim or Tara Dugan
Schwartz Communications, Inc.
(415) 512-0770
[email protected]