Watchfire opens up application-vulnerability software
- 19 April, 2007 15:23
Watchfire is opening up its Web application-vulnerability software so customers can create their own security tests of corporate.
This capability, which lets users extend features based on individual needs, is part of Version 7.5 of Watchfire's AppScan platform.
Callled AppScan eXtensions Framework, the new feature supports a range of add-ons. For instance, one extension developed by Watchfire itself exports security defects discovered by AppScan to such quality-assurance tracking applications as HP Quality Center and IBM Rational ClearQuest. Another extension formats AppScan reports for Microsoft Word.
AppScan probes Web applications looking for vulnerabilities and reports them, specifying the lines of code that need to be fixed to correct the problems.
As part of AppScan 7.5, Watchfire has let users to embed AppScan within other applications and controlÂ it from there; that makes it simpler for users to run security scans because they don't have to switch from application to application.
A software developers kit and an API also are available from Watchfire for those who want to write extensions. In addition, the company has set up an online community for customers who develop AppScan extensions where they can discuss their work and post extensions for others to download and build on.
Another new feature of AppScan, called Pyscan, lets customers script custom automated tests in the Python scripting language. This can speed up testing by eliminating what in earlier AppScan versions would have been manual tasks.
For example, a Pyscan script could attempt to exploit a vulnerability found by AppScan, then report whether the exploit succeeded and elevate the threat status of the vulnerability if it did succeed, the company says.