SPI Dynamics First to Offer Integrated Security Support for Microsoft ASP.NET AJAX in DevInspect® 3.0 Web Application Security Developer Testing Solution


Company Also Delivers an Integrated Developer Security Platform for Microsoft Visual Studio Team System with Combined Source Code and Black Box Testing

ATLANTA, Nov. 6 -- S.P.I. Dynamics, Inc. (www.spidynamics.com), the leading provider of Web application security testing software and services, announced today the company, in close collaboration with Microsoft, is the first Web application security vendor to provide support for Microsoft ASP.NET 2.0 AJAX Extensions (formerly code-named "Atlas") in its latest release of the company's integrated developer product, DevInspect 3.0. DevInspect is the first security product to analyze and remediate security vulnerabilities in Web applications built using ASP.NET AJAX.

"As technology such as AJAX aggressively evolves to increase the positive experience of users on the Web, Microsoft maintains a focused commitment to improving application security," said Brian Goldfarb, group product manager of the Web Platform and Tools Group at Microsoft Corp. "SPI Dynamics has worked with Microsoft and the ASP.NET AJAX team to raise awareness of application security issues and deliver developer security solutions that assist in the development of more secure software through the Microsoft Visual Studio platform."

The company also announced today the release of DevInspect 3.0 for Microsoft Visual Studio Team System integrated defect tracking and configuration management product. The tight integration of DevInspect with Visual Studio Team System enables developers to share data about security defects with their entire development team. DevInspect is also currently available in an integrated offering for Microsoft Visual Studio 2003 and Visual Studio 2005 and SPI Dynamics is a Microsoft Gold Certified Partner and a member of Microsoft's Partner Advisory Council of the Visual Studio Industry Partner Program.

"SPI Dynamics continues to lead the market with cutting-edge Web application security solutions and research that address the future of applications. The release of DevInspect 3.0 with ASP.NET AJAX support and integration with Microsoft Visual Studio Team System is another example of our close ongoing relationship with market leaders like Microsoft to provide an infrastructure that encourages more secure software production throughout the application lifecycle," said Brian Cohen, president and CEO, SPI Dynamics. "Our continued goal is to assist development, QA and operations teams in the facilitation of a secure development process by providing the necessary integrated tools that meet their growing needs and result in risk reduction for the entire organization at the most critical layer - the Web application."

DevInspect provides a powerful automated secure coding framework for software developers, and offers the following features for security analysis and vulnerability remediation of security defects within ASP.NET AJAX applications:

o Thorough security analysis and automated vulnerability remediation of ASP.NET 2.0 AJAX Extensions applications, including partial page rendered content within UpdatePanel controls.
o Runtime script interpretation and security analysis of the Microsoft AJAX Library, the cross-browser and cross-platform script library available as part of ASP.NET AJAX Extensions.
o Discovery of ASP.NET AJAX Web services calls and in-depth security analysis of underlying JSON and SOAP Web services.

SPI Dynamics' DevInspect also offers the following benefits for Visual Studio Team System:

o Facilitates Development Lifecycle Collaboration - Enables developers to manage and share security information through vulnerability work item management and detailed vulnerability reporting, and prevents developers from checking insecure code into the Visual Studio Team System version control system through security code check-in policies. In addition, enables developers with little to no security expertise to automatically fix vulnerabilities during development and deliver secure Web applications.
o Offers Broadened Hybrid Analysis(TM) - SPI Dynamics' unique approach to pinpoint security vulnerabilities with unmatched accuracy and to dramatically reduce false positives. The source code analysis phase defines the application attack surface, identifying all application inputs and finding common security coding errors and all potential vulnerabilities. The black box testing phase uses the intelligence and data from the source code analysis to discover and verify exploitable security defects using automated attack techniques against running applications. This black box testing phase virtually eliminates false positives to yield the actual exploitable security vulnerabilities in the application found during source code analysis, rather than a list of potential problems that require manual review and validation.

Availability
SPI Dynamics' DevInspect 3.0 with ASP.NET AJAX support and integration with Visual Studio Team System will be available December 1st. For more information, please visit www.spidynamics.com, or contact SPI Dynamics at (866) 774-2700; info@spidynamics.com.

For more information on AJAX security threats and their impact, the following materials from SPI Dynamics are available:

o White paper - "AJAX Security Dangers"
http://www.spidynamics.com/assets/documents/AJAXdangers.pdf
o On Demand Webcast - "AJAX (in)security"
https://download.spidynamics.com/registration/AJAX_webcast.asp

About AJAX Security

AJAX (Asynchronous JavaScript and XML) continues to maintain a steady pace as the application software development technology of the Web 2.0 future. Web 2.0 is exploding and with it comes the hard push for technology that facilitates a more interactive and responsive Web that enhances the experiences of its users. This push has encouraged quick adoption by developers and enterprise organizations of AJAX technology that dramatically improves the flexibility of Web applications. However, while AJAX can greatly improve the usability of a Web application, it can also create several opportunities for possible attack if the application is not designed with security in mind.

About S.P.I. Dynamics, Inc.
Start Secure. Stay Secure®
Security Assurance Throughout the Application Lifecycle

SPI Dynamics delivers a comprehensive suite of products and services (http://www.spidynamics.com/products/index.html) that help to identify and remediate Web application and Web services security vulnerabilities found at key stages throughout the Web Application Lifecycle. SPI Dynamics solutions enable security professionals, QA testers, and developers to work together to assess, analyze, and remediate Web applications and Web services for security vulnerabilities, and verify compliance with over 20 security policies like SOX, HIPAA and PCI. The Company's unique approach utilizing patent-pending Intelligent Engines(TM) technology combined with the largest Web application security vulnerability knowledgebase in the industry delivers unparalleled speed and accuracy. SPI Dynamics' research and development team, SPI Labs, is widely recognized as one of the world's leading authorities on Web application security and risk management. The Company has over 850 customers among Global 2000 enterprises, including over 90 U.S. Federal accounts, and has strategic partnerships with Microsoft, IBM, Mercury, CSC and Visa with Visa investing in the Company in 2005. SPI Dynamics is privately held with headquarters in Atlanta, Georgia. For more information on Web application security, visit www.spidynamics.com or call (866) 774-2700.

Source: S.P.I. Dynamics Incorporated

CONTACT:
Ashley Vandiver
SPI Dynamics
+1-678-781-4841
cell: +1-404-432-8657
avandiver@spidynamics.com

Michelle Schafer
Merritt Group
+1-703-390-1525
cell: +1-703-403-6377
schafer@merrittgrp.com

Web site:
http://www.spidynamics.com/
http://www.spidynamics.com/assets/documents/AJAXdangers.pdf
https://download.spidynamics.com/registration/AJAX_webcast.asp
http://www.spidynamics.com/products/index.html

All Topics