Data and Database Management Software
Security Software integrates with MS Visual Studio 2005.
Press Release Summary:
DevPartner SecurityChecker 2.0 security assessment tool accelerates development of secure ASP.NET applications. It achieves application security by automatically identifying vulnerabilities through combination of code scanning and run-time analysis, and penetration testing techniques to pinpoint location of vulnerability in source code. Other features include integrity rules, examining HTTP headers for cookie and page caching vulnerabilities, and reduction of false positive reporting.
Original Press Release:
Compuware Improves Security of Web Applications with New Product and Service Offerings
SAN FRANCISCO, Jan. 30 / -- Compuware Corporation (NASDAQ:CPWR) today announced the general availability of Compuware DevPartner SecurityChecker 2.0 at the VSLive! San Francisco Conference (booth #706). This new version of Compuware's security analysis tool offers full integration with Microsoft Visual Studio 2005, enabling development and testing teams to improve the quality of their Microsoft ASP.NET Web applications by quickly locating and fixing security vulnerabilities early in the application life cycle, saving time and money. Compuware also announced at VSLive! a new services offering to help organizations improve application security.
"Microsoft is pleased that DevPartner SecurityChecker 2.0 supports and integrates with Visual Studio 2005," said Rick Samona, product manager of the .NET Developer Product Marketing Group at Microsoft Corp. "With application security becoming such a critical concern for IT organizations, DevPartner SecurityChecker helps development and testing teams locate and identify security vulnerabilities to secure their applications from attacks."
DevPartner SecurityChecker is a security assessment tool that accelerates the development of secure ASP.NET applications. DevPartner SecurityChecker helps efficiently achieve application security by automatically identifying security vulnerabilities through a combination of both white-box (code scanning and run-time analysis) and black-box (penetration testing) testing techniques and pinpoints the location of the vulnerability in source code. By automating the security vulnerability detection process, DevPartner SecurityChecker helps developers deliver secure ASP.NET Web applications on time and on budget.
"Seventy-five percent of application attacks occur at the application level. Security is another facet of quality -- and like quality, security must be built into the application, not tested at the end of the development cycle," said Theresa Lanowitz, Research Director at Gartner, Inc., in her report. "In today's IT organization, new issues such as compliance, regulations, risk management and ever-changing priorities are increasing the focus on application security. Information, plans and requirements regarding security must begin at the application level."(1)
New features and enhancements in DevPartner SecurityChecker 2.0 include:
o Full integration with Visual Studio 2005 with the Microsoft .NET
Framework 2.0.
o Reduction of false positive reporting.
o Improvements for creating and managing discovery maps.
o Improvements to existing SQL Injection, Cross-Site Scripting (XSS), and
Parameter Tampering vulnerability detection.
o Thirty new Integrity rules, including rules for finding:
o Google Hacking vulnerabilities such as pages containing configuration
information, hidden content, error information, and points of entry.
o Hidden developer information that can be unlocked and viewed by an
attacker, like debugging data.
o Examining HTTP headers for cookie and page caching vulnerabilities.
o Exploiting a vulnerability to bypass the default ASP.NET validation
procedure that allows an application to be vulnerable to Cross-Site
Scripting (XSS) attacks.
"DevPartner SecurityChecker 2.0 helps me and my development team find and fix vulnerabilities in our ASP.NET applications," said beta tester, Bernd Oerding, Head of Development CAD/GIS at HHK Datentechnik GmbH. "With DevPartner SecurityChecker 2.0, we were able to check our code and see all of the errors and possible security risks as well as get detailed information on how to address and resolve the security issues, helping to improve the overall code quality and security of our applications."
Compuware also offers a Security Assessment for ASP.NET applications to those organizations that require specific expertise. This service offering combines the proficiency of Compuware IT professionals with the strengths of DevPartner SecurityChecker, allowing IT and development staffs to accurately assess the security vulnerabilities of an ASP.NET application. Through this service offering, a Compuware technician will review the identified application and then perform a security assessment using Compuware DevPartner SecurityChecker, applying three analysis modes to the application. These modes will focus on code-base analysis, run-time analysis and simulation of attacks from a hacker's point of view. The Compuware consultant will then deliver a detailed report to the customer that the customer can use to investigate and correct found vulnerabilities.
"DevPartner SecurityChecker squarely addresses one of the growing concerns of our customers: application security," said Bob Barker, Vice President of Strategic Planning at Compuware Corporation. "By employing DevPartner SecurityChecker, IT managers ensure that their teams are taking the appropriate measures to mitigate the business risk associated with Web application vulnerabilities."
DevPartner SecurityChecker 2.0 is currently available and shipping at a U.S. list price of $12,000 per concurrent user. Volume discounts are available.
Other Compuware products that currently support Visual Studio 2005 are DevPartner Studio 8.0 and DevPartner Fault Simulator 1.5. In Spring 2006, Compuware plans to release the next version of its functional testing tool, Compuware TestPartner, which will support and integrate with Microsoft Visual Studio 2005 Team System. Compuware will demonstrate all of these solutions at the VSLive! San Francisco Conference (booth #706).
Compuware Quality Solutions across the application life cycle enable enterprises to build, test and manage high-quality applications using Microsoft, Java, mainframe and Web technologies. These solutions work together to deliver value to enterprises that depend upon mission-critical applications to remain competitive in increasingly complex and demanding business environments.
Compuware Corporation
Compuware Corporation (NASDAQ:CPWR) maximizes the value IT brings to the business by helping CIOs more effectively manage the business of IT. Compuware solutions accelerate the development, improve the quality and enhance the performance of critical business systems while enabling CIOs to align and govern the entire IT portfolio, increasing efficiency, cost control and employee productivity throughout the IT organization. Founded in 1973, Compuware serves the world's leading IT organizations, including more than 90 percent of the Fortune 100 companies. Learn more about Compuware at www.compuware.com/ /.
For Compuware Sales or Marketing Information
Compuware Corporation, One Campus Martius, Detroit, MI 48226, 800-521-9353, www.compuware.com/
Compuware Press Contact
Kayla White, Compuware Corporation, office: 313-227-1402, mobile: 248-761-0304, kayla.white@compuware.com
(1) Gartner, Inc: "Now is the Time for Security at the Application Level" by Theresa Lanowitz. December 1, 2005
Source: Compuware Corporation
Web site: www.compuware.com/
