Watchfire, a provider of Web application vulnerability assessment software and services, yesterday introduced AppScan
7.6, the latest enhancement of the company's flagship product.
AppScan 7.6 continues Watchfire's focus of automating a greater portion of the application security testing problem while providing users greater flexibility and control. Enhancements include new PHP fix recommendations geared to address one of the fastest growing Web development platforms and a SQL Injection Exploit eXtension that can further reduce false positives by demonstrating and validating the presence of this dangerous vulnerability.
Additional AppScan 7.6 capabilities include the following:
- Developer essentials test policy
Targets issues of primary interest to developers. Developers' efforts in Web application security can now be optimized with a high accuracy policy that focuses on the highest impact issues that are easiest to find, understand, and fix.
- New compliance reports
The industry's most comprehensive compliance reporting solution, AppScan includes 41 out-of-the-box compliance reports, including new NIST 800-53 (National Institute of Standards and Technology) and the latest "OWASP Top Ten 2007".
- AppScan Reporter for Microsoft PowerPoint
Continuing the momentum of the AppScan eXtension Framework introduced earlier this year, this new eXtension allows users to export scan results into a customized PowerPoint presentation, straight from AppScan.
New on-demand software as a service
Watchfire also announced AppScan OnDemand, a new outsourced service to manage web application vulnerability assessments. The new service makes it easy for organizations of all sizes and at various stages in the security testing maturity model to benefit from the latest features of AppScan 7.6.
The service is ideal for companies that have little application security expertise, for those purchasing third-party software, or for those that need to analyze business partners to ensure they meet acceptable security standards.
Different service offerings:
- Basic Vulnerability Assessment
This is the entry-level AppScan OnDemand offering and is designed for simple applications whereby Watchfire experts run AppScan and provide analysis and recommendations.
- Comprehensive Vulnerability Assessment
Watchfire experts conduct a comprehensive security scan using AppScan and incorporate manual testing and exploitation of findings. This caters to medium to large applications with heavy user access levels.
- Advanced Application Security Test
This is the premium offering and is designed to accommodate the largest and most complex applications. This service incorporates a comprehensive security test combined with manual techniques to give a full application-level assessment.
Pricing and availability
AppScan 7.6 is available immediately as an individual offering, with pricing starting at $14,400. For more information and to download AppScan 7.6, visit Watchfire's Web site.
AppScan OnDemand is available immediately, with three convenient levels of service starting at $5,000.