Kenai Systems Inc. has introduced technology for testing Web services for security issues as the services are being developed.
The Rocklin, Calif., company's ExamineST Web services security tool provides vulnerability assessment to test for security problems with Web services at their development phase, said Bill Kesselring, CEO of Kenai.
ExamineST enables developers to import Web Services Description Language (WSDL) files and test them for compliance with the WS-Security specification and search for other software vulnerabilities.
Kenai's technology entered beta in October. “The tool is a client that allows you to test Web services in real time,” Kesselring said. “We found that the find-and-fix capability is something developers really valued.”
“I haven't seen any other tools on the market that test for security vulnerabilities,” said Anne Thomas Manes, an analyst with the Burton Group Inc. “Examine is a general-purpose testing tool. It competes with products like Parasoft SOAPtest and Mindreef SOAPscope. Neither of these tools gives you the security vulnerability testing that ExamineST gives you. I'd say it's very unique.”
Matthew Silveira, a principal consultant at Objective Business Solutions Inc., in San Jose, Calif., and a beta user of the Kenai technology, said, “The crucial feature that we like about the product is it allows us to speed in vulnerability detection with our clients.”
Indeed, said Silveira, “there is a need to ensure that the QA [quality assurance] test process also fits in with the need for rapid deployment, and we can ensure we've done due diligence with a Web service regarding vulnerabilities.”
Silveira also said he believes it is “crucial” to test for vulnerabilities at the development phase “because the classic issue is to test for vulnerability at the end of the development phase, but that is a practice that leads to additional vulnerabilities. The goal is from the point of requirements and the initial mockup and prototype that you can begin security testing and do security analysis. Having tools like this is critical to ensure that you're not innocently introducing vulnerabilities.”