Watchfire Adds Web Services Scanning

The software maker introduces tools that comb Web services applications.

Watchfire launched a revamped version of its flagship Web site and applications scanning software on July 17, adding new Web services vulnerability scanning capabilities.

The company introduced the Version 6.5 iterations of both its AppScan and AppScan DE (Developer Edition) packages, promising increased vulnerability auditing features including compliance reporting tools tied directly to the credit card industry's PCI (Payment Card Industry) Data Security Standard.

Along with a growing number of companies that require that their business partners and software developers conform with regulations such as PCI, which major U.S. credit card makers use to test their Web sites and applications for potential loopholes, high-profile data losses are encouraging companies in many different industries to more closely examine their online operations, Watchfire officials said.

As businesses begin to enlist larger numbers of Web services applications, which use the same technologies used in other software programs in a more distributed manner, there is also a growing trend among businesses to begin scanning those tools for vulnerabilities, according to Michael Weider, chief technology officer at the Waltham, Mass.-based company.

"Web services are nothing new, but we've found that a lot of customers recently began deploying these applications on an enterprise level, especially over the last six to 12 months," said Weider.

"In terms of securing the applications themselves before they are launched, very few have been aggressively testing for vulnerabilities, but there's a growing movement around that as well."

Watchfire contends that its software allows users to examine the different programming methods incorporated in each Web service, as well as to manipulate input data and examine feedback from the service.

The system performs Web services application scans that simulate application-to-application interactions, rather than user-to-application interactions, to provide a wider range of advanced SOAP (Simple Object Access Protocol) testing, the company said.

The PCI auditing features allow companies working with American Express, Discover, MasterCard and Visa to test any Web sites or applications that interact with the card providers' online transaction systems.

AppScan 6.5 also adds support for two new ISO standards, numbers 17799 and 27001, both of which relate to requirements for secure corporate information systems.

The new version of the product also includes a set of testing features that promise to complement manual testing and offer applications testers a greater level of automation in launching new vulnerability scans.

Weider said that the addition of Web services testing on the part of vulnerability scanning software makers will open up a new market opportunity as companies are eventually forced to enlist the tools by compliance auditors.

"The standards bodies are working on ways to help people define secure Web services, but that is still in flux and a bit of a moving target so it will take a while," he said.

"Companies are getting more comfortable with the business benefits associated with employing Web services, so they will invest in security tools to support that expansion."
