Watchfire Introduces AppScan 7.6 and New OnDemand Application Security Service


New OnDemand Software as a Service Offering Leverages AppScan 7.6 and Watchfire's Premier Web Application Security Experts to Address Web Vulnerabilities for Any Size Organization

WALTHAM, MA - July 16, 2007 - Watchfire, the market-leading provider of web application vulnerability assessment software and services, today introduced AppScan® 7.6, the latest enhancement of the Company's flagship product, and AppScan OnDemand, a new outsourced service to manage web application vulnerability assessments. The new AppScan OnDemand service makes it easy for organizations of all sizes and at various stages in the security testing maturity model to benefit from the latest features of AppScan 7.6, which offers the best combination of customization, control and scanning accuracy performed by top web application security experts in the industry.

The new OnDemand service is ideal for companies with little application security expertise, for those purchasing third-party software, or for organizations that need to analyze business partners to ensure they meet acceptable security standards. With AppScan OnDemand, organizations can focus directly on fixing vulnerabilities discovered by AppScan, once Watchfire's security experts have scanned, analyzed and provided fix recommendations and best practices. AppScan OnDemand requires no installation or hardware, reducing cost and labor, and giving organizations with little or no in-house security expertise the option of basic, comprehensive and advanced vulnerability assessments.

o Basic Vulnerability Assessment: This is the entry level AppScan OnDemand offering and is designed for simple applications whereby Watchfire experts will run AppScan and provide analysis and recommendations.
o Comprehensive Vulnerability Assessment: Watchfire experts conduct a comprehensive security scan using AppScan and incorporate manual testing and exploitation of findings. This caters to medium to large applications with heavy user access levels.
o Advanced Application Security Test: This is the premium offering and is designed to accommodate the largest and most complex applications. This service incorporates a comprehensive security test combined with manual techniques to give a full application level assessment.

AppScan OnDemand complements Watchfire's AppScan Enterprise OnDemand by providing analysis and recommendations on a per-application basis versus providing managed services for corporate-wide deployments (please see www.watchfire.com/products/appscan/appscanondemand.aspx for more details).

For customers who prefer to deploy software in-house, AppScan 7.6 continues Watchfire's focus of automating a greater portion of the application security testing problem, while providing users greater flexibility and control. Enhancements include new PHP fix recommendations geared to address one of the fastest growing web development platforms and a SQL Injection Exploit eXtension that can enable a further reduction of false positives by demonstrating and validating the presence of this dangerous vulnerability. Watchfire continues to demonstrate its leadership position by staying ahead of changing web exploits within the Web 2.0 environment, coupled with superior reporting capabilities. The net result is that customers are provided with greater insight into the security issues that must be resolved to protect today's complex and dynamic web environments.

"Web application security has moved to the mainstream and organizations, regardless of size, are rushing to put processes and practices in place to effectively address this growing threat," said Peter McKay, president and CEO, Watchfire. "AppScan OnDemand provides customers the best technology from our new AppScan 7.6 release, harnessing the unmatched expertise that Watchfire can provide from more than a decade of leadership. Watchfire does the work of identifying the most dangerous threats, so customers can focus their time and resources on fixing vulnerabilities. Watchfire has a solution for companies at any stage in the security testing maturity model including those currently struggling with where to begin or those who are ready to scale application security testing across the enterprise."

Benefits of AppScan OnDemand Include:
o Three levels of outsourced web application vulnerability management services to assist organizations of all sizes and at various stages in their security testing
o Access to Watchfire security experts and industry best practices
o Eliminates hidden costs associated with software deployment and ongoing administration
o Quickest path to actionable data for web application security management
o Reduced learning curve and adoption time
o Shields against knowledge loss from turnover or reorganization

Additional AppScan 7.6 Capabilities Include:
SQL Injection Exploit: Enables a reduction of false positives by validating the identification of a vulnerability. This new eXtension attempts automatic extraction of database tables to exploit one of the most dangerous vulnerabilities, SQL Injection, allowing for stronger visual demonstration of the impact of the discovered vulnerability. This eXtension is available from axf.watchfire.com.

PHP fix recommendations: Geared to address one of the fastest growing web development platforms, Watchfire is the first vendor to introduce fix recommendations to help customers understand and remediate issues on the PHP platform in addition to ASP.NET and J2EE.

Developer Essentials Test Policy: Targets issues of primary interest to developers. Developers' efforts in web application security can now be optimized with a high accuracy policy that focuses on the highest impact issues that are easiest to find, understand and fix.

New Compliance Reports: The industry's most comprehensive compliance reporting solution, AppScan includes 41 out-of-the-box compliance reports, including new NIST 800-53 (National Institute of Standards and Technology) and the latest "OWASP Top Ten 2007."

AppScan Reporter for Microsoft PowerPoint®: Continuing the momentum of the AppScan eXtension Framework introduced earlier this year, this new eXtension allows users to export scan results into a customized PowerPoint presentation, straight from AppScan.

Pricing and Availability:
AppScan 7.6 is available immediately as an individual offering, with pricing starting at $14,400. For more information and to download AppScan 7.6 please visit https://www.watchfire.com/securearea/appscan.aspx.

AppScan OnDemand is available immediately, with three convenient levels of service starting at $5,000.

About Watchfire
Watchfire is the leading provider of web application security software and the only company to offer an end-to-end solution including intelligent fix recommendations to evaluate, understand and resolve issues. More than 800 enterprises and government agencies, including AXA Financial, SunTrust, HSBC, Vodafone, Veterans Affairs and Dell rely on Watchfire to identify, report and help remediate security vulnerabilities. Watchfire has been the recipient of several industry honors including: winning an unprecedented three out of five 2007 SC Magazine Excellence Awards (including Best Security Company); the HP/IAPP Privacy Innovation Award; Computerworld's Innovative Technology Award; winner of the Dr. Dobb's 2007 Jolt Product Excellence Awards; and "Recommended" rating by Computer Reseller News. For two years in a row, Watchfire has been named by IDC as the worldwide market share leader in web application vulnerability assessment software. Watchfire's partners include IBM Global Services, Fortify, PricewaterhouseCoopers, Sapient, Microsoft, Interwoven, EMC Documentum and Mercury. Watchfire is headquartered in Waltham, MA. For more information, please visit www.watchfire.com.

On June 6, 2007 IBM announced it entered into an agreement to acquire Watchfire. The acquisition is subject to customary regulatory approvals and is expected to close in the third quarter of 2007.

Watchfire, WebXM, AppScan, PowerTools and the Flame Logo are trademarks or registered trademarks of Watchfire Corporation. All other products, company names, and logos are trademarks or registered trademarks of their respective owners.
