WALTHAM, MA âDecember 5, 2005 â Watchfire, the leading provider of software and services to automate web application security testing, today announced new releases of AppScanÂ® and AppScanÂ® Developer Edition (DE). AppScan 6.0 introduces features that deliver new remediation capabilities, key regulatory compliance reporting, a redesigned user interface and productivity enhancements that dramatically improve, automate and streamline usersâ ability to quickly find, remediate and manage web application security vulnerabilities.
"Security teams today are under intense pressure and many cannot keep up with the volume of applications they need to test. Currently, they are either catching issues late in the development cycle or often not at all," said Michael Weider, CTO, Watchfire. "We spent more than a year working on this release and we were laser focused on eliminating barriers to fixing critical security flaws, boosting the level of automation and improving efficiency. AppScan 6.0 is a significant milestone and sets a new benchmark for web application testing with innovative capabilities that not only identify critical application weaknesses but also provide intelligent fix recommendations, improving the ease and speed by which users are able to understand, prioritize and remediate critical web application security issues."
Previous generation products simply identify the vulnerability, and can overwhelm users with a myriad of issues instead of helping them fix the problems. With the new remediation capabilities in AppScan 6.0, users can easily understand how to fix these issues. AppScan 6.0 also features a completely re-built and redesigned user interface and reporting engine, a simplified application-centric versus vulnerability results view, a streamlined hierarchical results tree, revolutionary smart consolidation features and intelligent and actionable fix recommendations conveniently grouped by the type and severity of the exposure. AppScan simplifies the remediation process, eliminating barriers to fixing critical security issues and dramatically improving user productivity and return on investment.
"Online security breaches continue to re-enforce the serious security threats associated with web application vulnerabilities. Many organizations are aware of the problem, which is being exacerbated by increasing regulations, but have not been able to manage it well," said Charles Kolodgy, research director for Security Products at IDC. "For strong risk mitigation associated with web applications, enterprises need to invest in automated solutions that can identify and mitigate web application weaknesses, audit for regulatory compliance, and offer intelligent prioritization of what critical solutions need to be fixed."
Developers today have hundreds of critical applications that need to be tested in a timely manner. AppScanâs patented scanning engine already boasts the industryâs fastest scanning capabilities and with 6.0, the company has further improved its scanning speed, performance and scalability, and includes wizard-based scan configuration-- huge productivity benefits for users.
AppScan 6.0 reports on more than 30 global compliance requirements and standards, including Sarbanes Oxley (SOX), Federal Information Security Management Act (FISMA), Gramm-Leach Bliley Act (GLBA), Visa CISP, NERC CIPC Security Guidelines for the Electricity Sector, the Japanese Personal Information Protection Act 2003 (JPIPA), the UK Data Protection Act 1998 (UK DPA), Director of Central Intelligence DCID 6/3 (US DOD regulation) and the California Assembly Bill No. 1950 (CA AB 1950). AppScan 6.0 maps to Open Web Application Security Projectâs (OWASP) top 10 critical web application vulnerabilities, the SANS Top 20, the Web Application Security Consortium (WASC) standards and many others, providing the most complete compliance reporting.
Because new methods for attacking web applications are growing in volume and frequency, AppScan 6.0 now features daily security vulnerability updates.
AppScan is the industryâs first and most widely deployed web application security testing tool. Earlier this year Watchfire successfully introduced a web application security partner program and has signed 14 new global resellers, solution providers and technology partners including SiegeWorks, Fujitsu Korea, RedCliff, Stalwart, and Ostfold Software. The company has expanded its technology partnerships with Mercury, F5 and Microsoft. Watchfire also recently introduced a version of AppScanÂ® for Mercury Quality Centerâ¢.