ASP.NET tool upgrade: Compuware releases SecurityChecker 2.5

By Jennette Mullaney, Assistant Editor
26 Jul 2006 | SearchSoftwareQuality.com

Compuware has released an updated version of its ASP.NET security analysis tool, DevPartner SecurityChecker 2.5.

Among the new features are automated downloadable updates, a Team Integration System, improved reporting capabilities and 14 new vulnerability rules for the analyzers. Notably, the five new rules added to the integrity analyzer (a penetration tester) help protect software from the burgeoning business of Google hacking.

Ken Cowan, Compuware DevPartner Product Line Manager, explains that the integrity analyzer rules were included because of developments within the hacking community. "[Hackers] spread their own best practices," says Cowan, and "Google hacks are simply another mechanism for a hacker to find the information."

The SecurityChecker run-time analyzer has five new rules that cover encryption, insecure coding and configuration. The compile-time analyzer, a static analysis tool which can be employed at the earliest stages of software development, also comes equipped with a new set of rules that check for insecure practices and configuration weaknesses.

The Team Integration System is a new component within the Microsoft Visual Studio Team System. It is meant to foster communication between the Quality Assurance department and the developers -- two groups that have not traditionally worked together.

Cowan offers one example of how the Integration System can work: "The DevPartner SecurityChecker analysis will indicate the line of code with the error. The QA analyst, generally speaking, will not be interested in source line detail, but by including that data in the defect report, the developer can go straight to the source of the problem and quickly fix it."

Another innovation in SecurityChecker 2.5 is enhanced reporting capability. There are two new reports: one categorizing vulnerabilities according to the OWASP Top Ten vulnerabilities list and another categorizing them by "accepted industry classification." This second report includes popular flaws such as SQL injection, cross-site scripting (XSS) and buffer overflow.

Through an additional new feature called Terminal Services, a user can run a SecurityChecker session on a remote server along with the ASP.NET application being analyzed. This is for cases when the user does not have a local copy of Microsoft's IIS or the Visual Studio integrated development environment (IDE).

For those who are new to application security, the product also comes with a security assessment service. "The service provides a trained Compuware professional to perform an on-site analysis of your application security, which enables you to determine how much risk you have of a successful attack," according to Cowan.

The DevPartner SecurityChecker 2.5 is available and costs $4,200 per named user and $12,600 per concurrent user.
