Rooting Out Vulnerabilities at the Source
New app aims to help developers find and fix software vulnerabilities during development.Sanctum Inc. on Monday released a new application designed to enable developers to perform security testing and vulnerability assessments of their software during the development process. AppScan Developer Edition 1.5 is targeted mainly at Web application developers and is completely integrated with Microsoft Corp.s Visual Studio .Net software. As a developer goes through the coding process, he can quickly test his code for thousands of common security vulnerabilities such as buffer overruns, format string vulnerabilities and others. To do so, he simply compiles the code and then runs the AppScan process, which is another button on the main VS .Net toolbar. AppScan then scans the code and returns a detailed report that includes a complete description of each vulnerability thats found as well as what the effects of each flaw are. The reports, which are delivered inside a window on the VS .Net desktop, also include remediation instructions for every vulnerability. AppScan DE also gives developers a look at what security implications each fix will have on the rest of the application. This helps eliminate many of the problems that can ripple through an application when a line of code is added or deleted as part of a vulnerability fix.
The introduction of AppScan DE comes at a time when software vendors are placing more and more pressure on their developers to write secure code. Its far cheaper to find and fix vulnerabilities during the development cycle than after a product is released. As a result, companies such as Microsoft have begun holding individual developers liable for the security and integrity of the code they write.