Watchfire Releases Industry's Most Extensible and Customizable Web Application Vulnerability Testing Solution and Launches New Open Source Community for Developing New Scanning Capabilities

Business Wire, April 16, 2007

AppScan 7.5 Introduces Powerful New AppScan eXtensions Framework and Fully Integrated Python Scripting Capability, Which Let Users Customize AppScan for Specific Needs

WALTHAM, Mass. -- Continuing its lead in web application vulnerability testing, Watchfire today introduced the industry's most flexible web application security solution, Watchfire[R] AppScan[R] 7.5. AppScan 7.5 introduces the AppScan eXtensions Framework[TM] (AXF) to harness the power of Watchfire's patented application scanning engine. Coupled with Pyscan, a new AppScan Python[R]-Scripting based web application security testing platform, security professionals can rely on AppScan 7.5 to customize, extend and create their own custom testing solution that uses the core technology of AppScan to accomplish specific security-related tasks. In addition, the company also launched the AppScan eXtensions open source community that lets security professionals benefit from the expertise of all AppScan users.

Today's changing market requires flexibility. AppScan 7.5 is the first product in the industry to make the technical leap from just a scanning tool to a security testing platform, cementing web application security to all parties involved in application creation. AppScan can now address application security vulnerabilities for users across the entire Software Development Life Cycle (SDLC), from non-security professionals to the most serious power user. Coupled with today's introduction of AppScan QA, (http://www.watchfire.com/news/releases/04-16-07b.aspx) designed to simplify security testing for development and quality assurance teams; Watchfire completes its vision of integrating web application security throughout the SDLC.

"Jyske Bank A/S insists on secure web applications that protect the confidential information and assets of our customers," said Dennis Panduro Rand, IT-security & Compliance, Jyske Bank A/S. "AppScan is currently one of the best solutions on the market to address our large and very complex web applications. It has become an integrated component of our implementation process for developers. We use AppScan to verify the security of our applications and are excited about the flexibility and the new and powerful advancements in AppScan 7.5 as our security testing requirements continue to grow. The new AppScan eXtensions Framework is a significant distinction for AppScan and represents an important step forward, further building on the overall productivity and capability. This gives us the strength to develop tools and scripts that directly connect with the AppScan SDK."

AppScan eXtensions Framework Extends AppScan Feature Set

AppScan 7.5 introduces a revolutionary new AppScan eXtensions Framework (AXF) that allows users to extend the AppScan feature set. AXF gives users the ability to create anything from a minor utility that performs simple tasks, to a full blown application that performs many complex actions, all based on AppScan data or functionality. By leveraging the potential that AXF provides, users can customize AppScan to meet their exact needs by using or creating their own eXtensions.

"With AppScan 7.5, Watchfire has really opened up the full power of the AppScan engine to our users," said Michael Weider, founder and chief technology officer of Watchfire. "With a customer base that makes up nearly a third of the global market share, our customers have great ideas on how to customize AppScan to even better address the unique challenges they face on the front lines of security every day. Watchfire's eXtensions community and website is all about innovation. Our customers can now create and share their own extensions, and collaborate together on new ways to leverage the new open flexibility of AppScan."

Samples of AppScan eXtensions immediately available for download today include:

* QA Defect Logger - Export security defects into leading quality assurance issue-tracking systems including HP Quality Center[TM] and IBM[R] Rational[R] ClearQuest[R];

* Microsoft[R] Visual Studio[R] Team System Defect Export - Export issues from AppScan directly into Visual Studio Team System (created by Dan Cornell, Denim Group);

* WordReporter - Generate customized and editable reports based on Microsoft Word templates;

* Mail-E-Vent - Receive email notifications when certain AppScan events occur during the scan;

* HTTPScout - Leverage NMAP to locate open HTTP or HTTPS ports on the scanned web server, adding them to the current scan configuration with a single click;

* DirectoryList-To-EXD - Import a list of any files from the web server including web pages, include files and others into AppScan to improve coverage (created by Dennis Rand, Jyske Bank A/S);

* QuickSearch Extension - Search issue types with a right click, covering online databases like Google[TM], SecurityFocus and others (created by Oliver Ng, Deloitte & Touche LLP).

Watchfire Involves Web Application Security Community

Also today, Watchfire launched its AppScan eXtensions Framework community website (http://axf.watchfire.com) to facilitate this collaboration. The AppScan eXtensions Framework community is a new online destination where Watchfire users can exchange extensions developed to solve specific security testing challenges, and its open nature allows them to build upon each others work. Watchfire's development team, customers and select partners have developed several new extensions as well as functional extensions to further extend AppScan's capability.