Back to all announcements

Watchfire Announces AppScan Enterprise -The Industry's First Enterprise-class Web Application Vulnerability Solution

AppScan Enterprise Delivers Unprecedented Scalability, Centralized Control and Visibility

WALTHAM, MA-February 6, 2006- Recently named by IDC as the worldwide market share leader in the web application vulnerability assessment software category, Watchfire is further advancing its leadership with the introduction of AppScan® Enterprise. AppScan Enterprise enables organizations to take a strategic approach to web application security management and is ideal for large, distributed organizations with many web applications.

AppScan Enterprise automates the process of web application vulnerability management across the enterprise by providing centralized controls, scalability and enterprise-wide visibility to identify, manage and remediate the critical issues impacting application security. AppScan Enterprise seamlessly integrates with the desktop version of AppScan®, extending the tool's capabilities.

According to media reports, there were at least 130 reported breaches in 2005 that exposed more than 55 million Americans to potential ID theft. An adviser for the Treasury Department's Office of Technical Assistance estimated that cybercrime proceeds in 2004 were $105 billion, greater than those of illegal drug sales.[1] These breaches exposed organizations to significant fines, customer churn and severe brand erosion. Online breaches continue to re-enforce the serious security threats associated with web application vulnerabilities and a strategic enterprise approach for web application security management is critical in order to take back control and manage web application security risk.

"Weight Watcher's website and customer-facing applications are used everyday by hundreds of thousands of users around the world. We use Watchfire to manage both content compliance and application security. AppScan Enterprise is highly complementary with our existing processes and the platform's centralized application scanning control, user access permissions and trending metrics truly support an enterprise approach to managing these challenging issues," said Kevin Haggard, director of quality assurance, Weight Watchers.

AppScan Enterprise has the unique ability to scan and test websites with thousands of applications. It analyzes multiple applications simultaneously and stores the results in an enterprise-class database, generating interactive web-based reports to provide key stakeholders with diverse perspectives. AppScan Enterprise provides four categories of security reporting.

Security Issues - Helps to determine weaknesses, such as cross-site scripting and SQL injection that may expose an organization to online security risk.

Security Risk Assessment - Provides a textual description of what a hacker could do with the information made available by the online security vulnerability.

Remediation Tasks - Provides actionable recommendations to prioritize and fix security issues that impact the business most.

Security Compliance - Maps the found security issues to regulations an organization may need to comply with so executives can understand their security risks and the implications of these vulnerabilities.

AppScan Enterprise Highlights include:

Server-based - Zero footprint with a web-based user interface.

Access Permissions for Reporting and Scanning - Provides centralized control and visibility by assigning user, scanning and reporting rights.

Summary Dashboard and Metrics - Executive management dashboards deliver comprehensive security metrics used to identify, assign and track the issues impacting online security.

Issue Management - Filters and prioritizes key security issues allowing enterprises to prioritize and resolve the highest security and risk issues first.

Scanner Enhancements - Supports multi-thread scanning, and includes JavaScript and AJAX support, advanced login script support, providing the unique ability to scan and test complex enterprise websites with thousands of applications.

Enterprise Database Storage - Scans and analyzes multiple applications simultaneously and stores the results in a MS SQL Server or Oracle relational database.

Regulatory Compliance Reporting - Reports on 34 global compliance requirements and standards, including Federal Information Security Management Act (FISMA), Gramm-Leach Bliley Act (GLBA), and Payment Card Industry (PCI) Data Security Standards, providing the industry's most complete compliance reporting.

"Security breaches are eroding trust in the Internet as a viable business channel. Hackers alone have dramatically increased the cost of doing business online, despite efforts to thwart these attacks," said Michael Weider, CTO, Watchfire. "As more organizations recognize the need for a more strategic approach to web application vulnerability management, AppScan Enterprise is the ideal platform to help the world's largest and most demanding enterprises automate security analysis across the enterprise, providing centralized visibility and control to monitor and manage web application security risk."

The release of AppScan Enterprise continues the trend of recent industry accolades for Watchfire and its security products:

· IDC named Watchfire as the worldwide market share leader in web application vulnerability assessment software category

· Finalist in two categories for the 2006 SC Magazine Awards

· Named Hot Security Company 2006 by InfoSecurity Product Guide

· Finalist in Software Test and Performance Testers Choice Awards

· AppScan receives Computer Reseller News' "Recommended" Rating

· Addition of more than 170 customers in 2005