Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


SPI Adds Web Application Security Tools for Java, AJAX



 By: Matt Hines
2006-11-06
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The vulnerability-testing specialist adds support for Java and Microsoft AJAX applications to the latest version of its DevInspect package.

SPI Dynamics launched the newest iteration of its DevInspect Web applications vulnerability testing software on Nov. 6, adding support for programs written in Java and Microsofts flavor of AJAX.

The Atlanta-based software maker introduced several new add-ons to DevInspect 3.0, which promises to help Web applications designers locate potential flaws in their work using so-called black box testing tools in combination with source code inspection technology.

By identifying and verifying exploitable security defects using the automated black box system, and scouring program source code for more common errors, the company maintains that the product provides customers with a hybrid technique for eliminating potential glitches in Web-based systems.

The product also seeks to facilitate more effective communication related to vulnerability reporting and remediation between IT security specialists and software developers.

Resource Library:

Among the features added to DevInspect 3.0 is full support for developers building Web applications in the Java and J2EE programming languages.

The company said the product integrates directly with the Eclipse and IBM Rational Application Developer environments, speeding code writers abilities to secure their work.

SPI is making DevInspect for Java available as a stand-alone tool or as a plug-in for its existing products, and said the package also integrates with IBMs Rational ClearQuest to help foster management of security issues within development teams.

As more companies begin using tools to test for security issues during the development process, allowing for such team interaction is becoming increasingly vital, said Jason Schmitt, group product manager for SPI.

"We definitely see some activity from the security teams in advocating that developers address security at a higher-level, and that there is more top-down direction to encourage that, whereas most developers still dont put security at the top of their priorities," said Schmitt.

Click here to read more about IBMs roadmap for Rational tool development.

"At the same time, every developer doesnt have time to become a security expert, so its key to facilitate better communication between everyone involved to make sure that vulnerabilities dont fall through the cracks."

SPI also announced that through close collaboration with Microsoft, it has added support for Microsoft ASP.NET 2.0 AJAX Extensions in DevInspect 3.0.

As more developers build applications using the AJAX Web services technique, which melds elements of asynchronous JavaScript and XML to increase the interactivity of Web sites, there is increasing demand for related security testing tools, the company says.

At this years Black Hat conference in Las Vegas, SPI lead research engineer Billy Hoffman detailed the growing issue of insecure AJAX applications as businesses rush to adopt the technology without considering all the potential for creating serious vulnerabilities.

Several attacks, including a program hidden on the popular MySpace.com social networking site, have already sought to take advantage of such weaknesses, he said.

Officials with Redmond, Wash.-based Microsoft said the software giant is hoping to encourage more people working with its own flavor of AJAX to embrace applications security technologies.

"As technology such as AJAX aggressively evolves to increase the positive experience of users on the Web, [we] maintain a focused commitment to improving application security," said Brian Goldfarb, group product manager of Microsofts Web Platform and Tools Group at Microsoft.

"SPI Dynamics has worked with Microsoft and the ASP.NET AJAX team to raise awareness of application security issues and deliver developer security solutions that assist in the development of more secure software through the Microsoft Visual Studio platform."

SPI also announced today the release of DevInspect 3.0 for Microsoft Visual Studio Team System, an integrated defect tracking and configuration management offering, which is also aimed at helping developers and security specialists share information on potential vulnerabilities.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: SPI Adds Web Application Security Tools for Java, AJAX
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Matt Hines
 


x}r*({EHS%ub[>f 1Em%{^վ>vMiɗdw<56I h4AȹL{B.ܢdw>5*2z@; !&>ڥqɏ} c#8>v@ߩx pfL&^ʾ}%UUlExLԸ!|xB'{GdY u(lƛF[92}dh9-rtȊ3-hG|ݖ|cXul̀QC3EuL_CԿ($JK8=/d<eP=N .4vlr_׼7P7n'3GdYoA6QK6q#6fj mBO|lG?0}5OLE ؖCYGő3ͰLh@6#M-e~/M{iLh8F}sj\.;gW@([0du]+i0n{'Owq@α[A~N7"DT-jR*͒DC{ajLmhd:~Hs|T㕒~T7jJ`)ڑVR\jGFZzO`%pbQU>gSK߾ڤ>9;O|bPUMz 1he+54^tܜn/9n:MvIs!)|v!@qgs j__[r6O|3Q*چa#jI-Gb=ji>wNHA҉,-Yt7QZ,/ dR&rZ~@X*R(Y7G osDfwY .akYMSo`H2 f4 ]p a4[RFp \ aCg`Ual&XJp7є=m̗/d`(%uq:]V$y3DDȝ gO/r.i }`o8y"V\fv]5G殗UuNVWd];yˬt_w9qn?^[wսu5?aYbyƺƻKEHY7-7I09QN}sQVb1xh2ܯCA@U~ 8ʕ81B m]&Gtϭy0;}F{gtdgnۉ!9: ڠN+/6Gͥqf15 @ Tn` V83uCu׹0}UsF}^@E%-DCsGɦMfB:{ǻښA "(QС4}мa qjQ]*vs`=>ho t҇*ܠ>Ԇ.v9.bA/tK4=JIIFh"D&  TAǰEFN@@17w$^Zpp(7ݞH:w&@-3ay?b -xkb$d6g2KIMiG0-&D7r"L/G7Mᙚ&@DݘAW4R#&c0a z {[WgiH`0eA?a!1q SQe`9O<syGPn;A뎒\f335=R1/ƃ5‚L;5m(4sfڰ`ƔDWjm>!2!j0sU/Xcu׵L:*:L:%qK0s k2'̉<\y͏Sۀ}Q1juO'ܑ-ӾȇroBo*څP!_.dA\^*AB1 :d:l'9/*PX3nR6=MJ<Ƨ"ǰA@Q/0}ԙQԽĠ3BZ)zզjl.s-Y"k̒UQf6/KƠ\߮ R]kҞ rT{qfeqS֧񕚲PD@BR)i ҚaY)^(ytNJIעARWs ( TM.r_M md2jeMѪګY5ld xAqFF}$r?-jV SXSq;zE>][E==jbqEa)e@֨ԚLM>a@/ı``sp:pJ.k1sM^^W꺰+]69&A0m "}haaINR~ ش@_oZ,twڵj1ՃI 4䧢RVJ~Dkd"vd\6˰@\m;#Of3n/Ht]ieraPxPSB©9z&|jh0AĉcǛř°0qqXewP~?'57pH} [̜3$!M^&KRI}&Xm4z>=c*O|qVx@ |"=ile>\RXt> J+b$T:$fW߂äh:,G$5O{M{nc>TZUf<z,RJZ5Ɔ86GjZ =6_2z4Ebw}81о< __ p+SM83 Y: ~T}f6݂ /r/4|tqZELYvQ'ЌdH]M;H̎@Oe\Nb_!!Ypw\pRk }FG,GS%+vr4 ]#@$2}cv1'R89'& ~X'%:"pwC)2 Xݚ `1}jDa#G`JESzdQJs8-"vV;gKjZS~R+b::>JЯצ瞏+ӥ ,ć{îcuMa3b/ R=T~e;:{o68F)dzD4@+=q8bk tR+>dV{PBMg7gUE]6U{zn&)j-UӓU=4 -bI'nj-r"9yn2E8ZA1JL;E9Ȳ gX@d̬}#u6iQFy50>OiD_FLTΩ,2R gg^a-'21Ow}\#CpaqgX7n~U=|m,Ln1y%[Ŵ@w)n<0}T3gF>6 ih$dnhAEk5g}zGdCrfz%~^{q{;IA8p꩔Jg P"H@:erฦ̭7O7/UU^SG;:9&!GTPUPHZ3898$X2N*,E%R (NYc Hhٌj_ř kRS+GF* "U!T>OQ| (\{C>k-ڽv?&I\TSQ(Z7M~TUJBЛgaC.Fqihav6Kfb;?dR8-ܛ`,@N|K!O]TJ0%erI8Mq {/;CK,%.@^ذ*]; 1 s4>ZJA-ãEr_. |akR-TA8J3A26Bs=ǣۻmpIiˆ/ K~7)ɡ$h T?LohqLFٽ ~jۣ%l |* NSq- Ϛd2;?Rn:!)il{ٗNχxh?:N9kw>0VvvR'^`6*u.[_Iݏ-sGQ^ٷf K R#bv}ɶWrzjZ5/z~;oC)$;9 ys)^>wI#r޹lKV+Q~\#R@!pWv:<1nmF '%L=X?0\;&W쐖!Rj_׭5'^rt%֒m՘{r!qdQ1n4lS돝5(|eXFoH}XbHH\T dDӻ:o~Nlen/ m D385C*P+bK)"$DFzRF>oIɉ/aIa1:*:{_ۡ'kw?J!~_!c&o8~P2hLufs\|"=Br'V8;=19H/GqǛ"]US(Lш*rޚSd[Bӆ'>sgx!u-0lq%՜a2q;Is6vW[[&Θ!hIdJHc%F =)!Z$IjSfkC@$ğ_҉Iv(+2Bzs gaM6un3μ K: ';[ VH_8_`wND HY)o-yb}YGJ^KJpVK,BrcxZr)fp'xkaWYQ=(wвOUnwg=G:QM{섧q?Il8N*4b(9,_@ٞn`e!̱?jw`{f ~;OvК3}A&ԢnL q;f=;0 1#qtv/;~\BzZTrcW},V9 +0s)<,q?8rfic?%>iפyba~%c$H~ RС;#|$~1xo*=+ǣAlΜu h[Kwfimԕa4 ݥovV:}i?vݷ;ֽii[nơ8 0Nl"$$EUՊZʶfU3$]d NZx~2M#}ݾJf2hAxnl3O7nC\`b]#AK~=˸a ]ek{2{7wʷ.K-T#ekF7_YKT┏2I:%=ڬ-ۥ{﬑LĴhg2덫{lϳGo ?u'ȾF}Զ؁EgX ?*4hgazS`[ʅ=R3#@*yx\]]s71&pRx666y)1hTRwo8{ha3⫆†~@Yk§u,'iƿWc#ޚU>9ds:N0 Dn)4h<a,r[͑3ٹNn 3g)p";pF^bi6YPCSblnFGQ,{>C5=a/M~}WZkGIJ\бs:эY7/iHǞsS/{h,e17v.,KD?q|_a7n<_ڎ7FnSPq&S) XiKZ6A0a) ADjH5o?AFh͇ G碱5a+\&r=;#}/n2h9pHxcj }5 \$eV}ol[K[²LUa%ޔyVv&5<Ni~6 v (fcD8ش 3~iXLx;tegCtnY8Q74fRA L(aѯfǏwh׷t/~^h# ٛxs]>"D:)|McYK̤LX #QiH:F"␢V};iLWʃO / 2ä۴="Lщզl1 ?D~ uM|x%o핡?&.%Su(41NtavpNxH+LšI||`'RDxQ)WO.O(r[$!hv ;Ÿ?(F\kN9.tݧ7Txo?FXJt^qo waDB(l#hF]8rokBe}~r,zD}8ѥIDr ovmRr@Yn2}|4!-(!-DȮ(~aIzŝA*sψ$9q4ښrN!l @`b#d&"lRK!/q/d1Wqy5^R_7`;LV \sj41%RiFc95S*zvzr_jZJӂ,nw9doxE\&<ME(8+3HuP.c NUP*$4@i9^HQU:#>-^a̷vᮥ9\A+Y@>荗A+ +^Vc$W36&<(J|ΜWXEڮJ]s˩^@yj$Z(Lϱz cĞ6R=#)ߛt0LۼeU&x[htowQf1q8 @Lum0h過Dsa8̏XJ01JzV9{6وb rMu,?Pֿ͘$|ɈVsZǦAOcL~@ ZDU<11t#զɝ$7`zg ݩFٽ[!ʃVSv%r&᝺*3;mB7-T͢ j%W0OiFnmdU{V~K";{|h+ṦYiǥ$Y #r'+LIxc#ߔi3`uk+ւ֊6 3F@[j$$O 5VW:iaf\oz~}C @™6^I<y3]\~ =᱕ǰ?>{L'lI|T 9[љX"2V* g>rSH_u|1ˠ#kN1H3)5훟/{ʁRB7FDu2Dt02e*%%cP9 xE{>_ziJ0%&a kE$7Cn#BFxLgVô kfĄ9y-h/ #+?,Qx,[{GǙ9fQZ,tD_%R 1AhtM\"@H>S|ӠѠ=?&~?.KL)asSamna  h`̃2Eܹez?>swe~rt6#<23 ЀkR.ɚCzUQpVM u߃3ɏݑWHlݜ(8&xSccB4_ DPIL~X׻Seď/0 K1cRSJ953ʰLXUˉʗn*̊g2q6&JZ J{AzA dhz߃B LC#*O=FLnyuuvI^ۤwrݹw}޽KXך_ۣn՜nIi}uݹ31z;*:U&By2 ͋6Sr?XԞpi.$ "G}Ƀwᝧ%飲</[5œ0ȲE[C(ӫc921Sl۽8׆C~,ǫ#x]jlE@oAKe> UUp4S^}'vԼT<r"\@/ryC@9>oҁ~orɩ&s$C._Oy礗 z)W@^䕯?4'sYEzvCX^R*4 ௗ}dlڹ:鶒 qʕ({^S_xڞ馕8VӦnq_l ΣF_*KV浭IE<$xEqB*gل}l?2fm܃&1_u9ݣ,N5;H_ehĻ+N։=W\6ppSn$/+ 5W-Mut\ڎvڝ{fe];X;Yo%P.CIsgevN:25OK*WY(n- ǡ_8[ =ݴ}FFއVV+p3lc}k|?W=}}<\5?G{>ؓ/dz37US !Pa໯0 p=s.ŁS wM-<8ӯ.{4vL@G2сN |(U5m_oR-W+w俓kD2 G ԁɪ"+5w9 طV(*D`q:Cdx|D!*eiث,H+rcK>@eNq+j>d)?8s`K:V]L:Aņ/J/ib+l[F0N>@OGݙxt؏,N>n 3cV ݡR'M |<,i`̀tWox_r2&3!U{/Txx ‹%kq`XCMk'lybb)ubrށ2Nc̓]">3Ar:=fهެ" Ctuy5L2@4Wر0.6Ơe @䄸 h!7a=1jܬ$ f~xE_\gAL @qo1h_cd9Lk3cP7:{!fIoლ"G ?> GJF} %$Ie`-߂:3t^ ɡ>Eס郇rCdy`_GBbЗ +&,:3Up&a:8YZt<&~ńnX s#b[MA#>;ul>9+so}clø?>V@.B'0P=Cb S4H :BVESXnA}JV$gg_7b Fy*b5@tgYlVxRDle…Jr. =f0U7VAgL=SY,~ V_Dz~%B+*πZ-sD> :#w=aZO:] v,8^z'Ik=G}c[VeɄK!F1 w&GKxbHqpC>avEE`A^|eD$u@Ч ߆ϨnSC~Xnxٲqh0Ŵ‘Ѷ8d2֭0i# & G0 n=ձ]w O 7G=Ƌrx{KkfфJ89٭!0pX-\ftO6AQ%7 =[-Hʍt/Ast+ 6[  `⎈M@iV9H\*,ylf 4 v93_[mrΧ(@P 9-Byx Ϸ;<v; sCk_4ҵe>v ǯ-(,J^Q4 7tlmb @J\ mQةR5`y+@04{W1S`hwq#1uB(c4g ɟ]챾Wqڶ7(GL#kȅȰ-`j"ö,:u k`=x͙=e-{@32cbcΌ3:2fχŀn{L1F| /Xw4ݱUtc)d̄2 !yyuvҕN袘F$V#00/y암vlHm5GPX1'NR(t3>f0 # ߰·- s+2)>-]8S'ԃ @ZUk.x2lPozc|>[zw0 _jPpP9- ha0+>+c5hsFsq7MC᳋0ЕD3z(g,1.F A(ixUv X *C Q_E@G7dqVĄFѵbBRJfrmuk 60M݄ "4pkq=yeיH pKg<9rg.Y^8XpT/>% ow2b99Ӟ_ydOȅ^_YG7X]r1N0e_:m^t?rJz#@+`gGq^vvQ"+Reju.?$3e=;`olstgd֊>MظӍo3a-d4džIkcmjO}(