
Watchfire Introduces AppScan 7.0, Highlighting a Decade of Web Security Leadership

Business Wire, Nov 6, 2006

Powerful New Solution Further Bridges the Gap between Security Professionals and Developers with Greater Automation Precision, Control and Visibility to Identify, Communicate and Remediate Web Security Vulnerabilities

WALTHAM, Mass. -- Watchfire, the market-leading provider of application vulnerability assessment software and services to help ensure the security and compliance of websites, today unveiled AppScan® 7.0, a major new product release that highlights a decade of innovation and leadership since AppScan pioneered the web application security market in 1996.

Security teams are under pressure to keep up with the volume of applications they need to test. They often catch issues late in the software development cycle or not at all. This problem is compounded by the fact that development and QA professionals typically have little or no security expertise and do not fully understand how to fix the issues. AppScan 7.0 was developed to solve these problems and features more advanced application vulnerability scanning and increased testing process automation, in addition to a range of new features to help organizations understand and act upon the web security vulnerabilities found. It provides unmatched visibility and control for security professionals and penetration testers, and introduces root cause identification and communication features to provide developers with logical instructions on how to not only find and fix issues, but also learn from the process.

AppScan 7.0 highlights include:

Enhanced Automation to Further Improve Productivity:

* Privilege Escalation Testing - AppScan 7.0 is the only solution to automate the manually intensive task of testing an application's authorization model. The AppScan Privilege Escalation Testing exposes vulnerabilities that make protected resources available to unauthorized users. Before AppScan 7.0, this task could take days to conduct manually - now it can take minutes. Internal Watchfire studies have shown an 88% reduction in effort when AppScan 7.0 is used to test an application's authentication policy.

* Two-Factor Authentication Support - AppScan is the only solution to support the use of complex authentication procedures in web applications. When AppScan detects that a complex authentication login is required, it will suspend the scan while maintaining the session state, and prompt the user to complete the authentication process. Without this capability, web application scanners are kicked out of session, resulting in poor application coverage and increased false positives. Supported authentication methods include two-factor authentication, CAPTCHA, stepped authentication, one-time passwords, USB keys, smartcards and mutual authentication.

New Ability to Action and Communicate Critical Vulnerabilities:

* Validation Highlighting & Reasoning - AppScan 7.0 is the first solution to provide the combination of test validation highlighting, reasoning and difference to demonstrate and explain vulnerabilities. Other scanning solutions hide their testing and reasoning, making it difficult to identify each issue's root cause. Watchfire has opened AppScan to highlight exactly what issue was detected in which web site response, why it was detected and how it was detected--providing immediate and unmatched transparency which enables the user to efficiently understand the root cause of each vulnerability, communicate it to developers and then initiate the remediation process.

* Identifying the Root Cause of Vulnerabilities - AppScan was the first solution to provide actionable results for developers, with a remediation view that enabled developers to understand the root cause of the problem, not just the symptom. Now, AppScan 7.0 goes even further by providing more automation, control and visibility for security professionals and penetration testers.

"We work closely with our customers and partners to understand their security needs and how we can prioritize our efforts to support their success. We've focused upon the breadth of our solutions to ensure the widest application scanning ability, and integration with key technologies in our space. The market responded by adopting our AppScan technology for deployment across nearly a third of the global market," said Peter McKay, president and CEO, Watchfire. "AppScan 7.0 expands on its core capabilities of vulnerability identification and remediation of developer tasks by empowering the security professional with more automation, visibility and control over web applications' security processes, and the developer with a better understanding of the root cause and how to fix the issues."

AppScan Reporting Console: Facilitating better understanding, management and control

Also announced today is Watchfire's new AppScan Reporting Console, a powerful web-based management and reporting dashboard that can be used to manage multiple desktop versions of AppScan as a cost-effective means to establish process and manage security across the enterprise.


 


Content provided in partnership with Thompson Gale