Web application security company Denim Group Ltd. is donating its groundbreaking security scanner, Sprajax, to...
the non-profit organization, the Open Web Application Security Project (OWASP).
Sprajax is a popular tool and has been downloaded from the Denim Group Web site more than 2,500 times since its May 16 release. The security scanner is unique among its kind because it is designed specifically for Ajax-enabled Web applications.
Dan Cornell, principal at the Denim Group, describes Sprajax as a "black box dynamic analysis tool for Web applications that use Ajax technologies." Unlike other Web application vulnerability scanners, Sprajax can "detect the specific Ajax frameworks that are in use and send requests in the format those frameworks are going to understand," he said.
Cornell, who will be talking about Sprajax at this week's OWASP conference in Seattle, hopes the tool's exposure on the OWASP Web site will generate discussion about security issues specific to Ajax.
"There is a real lack of understanding security as it relates to so-called Web 2.0 applications," Cornell said. People are "spending time wondering about what they can do as opposed to what they should do."
OWASP is the perfect venue to launch that kind of discussion, Cornell said. The organization is at the forefront of open-source application security technology. OWASP.org is a wiki site, so registered users can offer considerable feedback. In addition, Denim Group and OWASP already have a history, as both organizations are dedicated to open-source technologies and Denim Group is the founding member of the OWASP chapter in San Antonio.
Jeff Williams, chairman of OWASP, is optimistic about the positive affects of the Sprajax donation. "Denim Group's contribution and leadership role in the OWASP Sprajax project will help developers worldwide produce more secure Ajax applications," he said in a press release.
"OWASP has a lot of thought leadership in the software security base," Cornell said. Being on the OWASP site exposes Sprajax to a larger contributor and user base that can enjoy the product -- and improve upon it. Sprajax is available for download at www.owasp.org/index.php/Sprajax.