AppScan Tests for Vulnerabilities During the Development Cycle | eWeek

AppScan Tests for Vulnerabilities During the Development Cycle

Écrit par
Dennis Fisher
Dennis Fisher
Feb 17, 2003
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Sanctum Inc. last week released an application designed to enable developers to perform security testing and vulnerability assessments of software during the development stage. AppScan Developer Edition 1.5 is targeted at Web-application developers and is integrated with Microsoft Corp.s Visual Studio .Net software.

As a developer goes through the coding process, he or she can quickly test the code for thousands of common security vulnerabilities such as buffer overruns and format string vulnerabilities. To do so, the developer simply compiles the code and runs AppScan, which is a button on the main VS .Net tool bar.

AppScan scans the code and returns a detailed report that includes a complete description of each vulnerability thats found, as well as what the effects of each flaw are. The reports, which are delivered inside a window on the VS .Net desktop, include remediation instructions for every vulnerability.

AppScan DE also gives developers a look at what security implications each fix will have on the rest of the application. This helps eliminate many of the problems that can ripple through an application when a line of code is added or deleted as part of a vulnerability fix.

The introduction of AppScan DE comes at a time when software vendors are placing more and more pressure on developers to write secure code. Its far cheaper to find and fix vulnerabilities during the development cycle than after a product is released. As a result, companies such as Microsoft have begun holding individual developers liable for the security and integrity of the code they write.

In fact, Microsoft, of Redmond, Wash., has been testing the product in-house for some time and is going to give it to some of its top customers in a two-week extended beta program.

And performing this kind of testing during the development process can help shorten the time to market and reduce the overall costs of the product development, Sanctum officials said.

“Most developers dont really have any security training, so they dont know what to look for,” said Steve Orrin, chief technology officer of Sanctum, based in Santa Clara, Calif. “Its through no fault of theirs; we werent taught anything about security in school. Thats just starting to happen now. Thats why something like this is needed. It gives them a road map of what to do.”

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.