Denim Group donates Ajax security scanner to OWASP

By Jennette Mullaney, Assistant Editor 16 Oct 2006 | SearchAppSecurity.com

Software quality news and advice Digg This!     StumbleUpon     Del.icio.us

Web application security company Denim Group Ltd. is donating its groundbreaking security scanner, Sprajax, to the non-profit organization, the Open Web Application Security Project (OWASP).

Sprajax is a popular tool and has been downloaded from the Denim Group Web site more than 2,500 times since its May 16 release. The security scanner is unique among its kind because it is designed specifically for Ajax-enabled Web applications.

Dan Cornell, principal at the Denim Group, describes Sprajax as a "black box dynamic analysis tool for Web applications that use Ajax technologies." Unlike other Web application vulnerability scanners, Sprajax can "detect the specific Ajax frameworks that are in use and send requests in the format those frameworks are going to understand," he said.

Cornell, who will be talking about Sprajax at this week's OWASP conference in Seattle, hopes the tool's exposure on the OWASP Web site will generate discussion about security issues specific to Ajax.

"There is a real lack of understanding security as it relates to so-called Web 2.0 applications," Cornell said. People are "spending time wondering about what they can do as opposed to what they should do."

OWASP is the perfect venue to launch that kind of discussion, Cornell said. The organization is at the forefront of open-source application security technology. OWASP.org is a wiki site, so registered users can offer considerable feedback. In addition, Denim Group and OWASP already have a history, as both organizations are dedicated to open-source technologies and Denim Group is the founding member of the OWASP chapter in San Antonio.

Ajax security resources Denim Group releases open-source security scanner for Ajax  App security tools target Ajax vulnerabilities  Testing for security in the age of Ajax programming

Jeff Williams, chairman of OWASP, is optimistic about the positive affects of the Sprajax donation. "Denim Group's contribution and leadership role in the OWASP Sprajax project will help developers worldwide produce more secure Ajax applications," he said in a press release.

"OWASP has a lot of thought leadership in the software security base," Cornell said. Being on the OWASP site exposes Sprajax to a larger contributor and user base that can enjoy the product -- and improve upon it. Sprajax is available for download at www.owasp.org/index.php/Sprajax.

Tags: Software security testing and techniques,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Software security testing and techniques Web server weaknesses you don't want to overlook Using firewalls for software testing: Pros and cons Beating software's cross-site scripting, authentication problems Free Web proxy security tools software testers should get to know How to get management on board with Web 2.0 security issues Web application security best practices: Tips on implementation Testing strategies for complex environments How to make your software tamperproof Ways to approach application performance testing on a tight budget How can I tell if my software security has been breached?

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary