
Watchfire Releases AppScan Enterprise 5 with QuickScan for Developers; First Web-based Solution to Extend Application Security Testing Capabilities Throughout Development

Business Wire, Feb 20, 2007

Watchfire Innovation Redefines Application Security Industry with First One-Click Vulnerability Scan, Advanced Source Code Analysis Integration, New Computer Based Training Curriculum and More

WALTHAM, Mass. -- Watchfire, the market-share-leading provider of application vulnerability assessment software and services, today announced AppScan Enterprise 5. Based on next-generation technology, this new version further strengthens the power of the industry's only web-based application security solution for security professionals, and now extends its utility to include a new point-and-shoot testing tool called QuickScan and integrated Computer Based Training to accelerate the adoption of security testing by QA and development teams.

Current techniques to integrate security testing into the Software Development Lifecycle (SDLC) are failing. Companies are either relying on an overburdened security team to test applications late in the cycle, when fixes are the most costly, or they're throwing complex tools at QA and development teams, expecting them to master security testing with no formal processes and training. Today, Watchfire introduces a powerful new approach to solving this problem and increasing adoption of security testing in both QA and development. Companies need a more complete program for introducing, then optimizing, application security testing over time: a program that incorporates user training, testing tools tailored to the unique needs of specific SDLC stakeholders (security, QA, and development), and ongoing services and support. Watchfire calls this program Fanatical Success(TM). (Visit http://www.watchfire.com/news/releases/02-20-07b.aspx to see today's Fanatical Success press release.)

"Organizations are struggling with how to integrate security testing with their SDLC," said Jim Routh, CISO, Depository Trust & Clearing Corp. "What Watchfire understands is that it's not just about arming developers with robust vulnerability scanning tools. It's about providing developers with both accessible technology and accessible education. Only through this combination will developers begin to incorporate vulnerability assessment results into their application development process."

QuickScan for Developers

With the release of AppScan Enterprise 5 and the introduction of QuickScan, Watchfire's vision for providing simplified security testing tools for developers is realized. QuickScan has been tailored specifically to meet developers' unique needs. With QuickScan, developers do not have to be security experts to scan applications for security vulnerabilities. Because there is no configuration required or desktop software to install, developers just point and shoot the web-based QuickScan at their application. Results are presented in a "Developer Task List" format, enabling non-security users to rapidly understand exactly what needs to be fixed in order to make the application secure. QuickScan relies on administrator-defined scan templates, so while shielding developers from unnecessary complexity, QuickScan affords security teams the centralized controls they demand.

"The industry is in wide agreement now that security testing must be built into the SDLC, but too often companies mistakenly throw complex security solutions at developers as the answer," said Michael Weider, CTO of Watchfire. "It's simply not feasible to expect developers, who are already overtaxed with go-to-market pressures, to take on the role of security experts too. QuickScan was designed to give developers a hassle-free scanning solution that helps ensure adoption and makes vulnerability assessments a permanent part of the application development process."

OnDemand, Computer Based Training

Computer Based Training is an ideal way to educate non-security professionals, like developers, on application security fundamentals and product best practices. As a result, AppScan Enterprise 5 delivers integration with Watchfire's self-service, self-paced training program. Customers now have access to a Training dashboard within AppScan Enterprise 5, where team leaders and executives are able to monitor adoption rates and employee progress by viewing enrollment information, course completion rates and test results. The Training dashboard even provides the ability to correlate training activity levels with vulnerability data for specific business units--fostering healthy competition within organizations to improve application security.

Today, in support of its Fanatical Success program, the company also rolls out new Computer Based Training curriculum tailored specifically for developers, with courses that include "The Importance of Secure Coding"; QA professionals, with courses that include "Understanding and Verifying Scan Results"; and security auditors, with courses that include "How to Create Custom Security Tests." Since the launch of its Computer Based Training program late last year, a significant number of Watchfire sales have included enrollment.


 


Content provided in partnership with Thompson Gale