Compuware Tool Tightens .Net Application Security

DevPartner SecurityChecker 2.0 improves the quality of Microsoft ASP.Net Web applications by quickly locating and fixing security vulnerabilities early in the application life cycle.

SAN FRANCISCO—Compuware released Jan. 30 a new version of its security analysis tool, DevPartner SecurityChecker 2.0, which will support Visual Studio 2005.

The company also announced a new security assessment offering to help organizations improve application security.

At the VSLive conference here, Detroit-based Compuware launched a new version of its DevPartner SecurityChecker 2.0 security analysis tool, which enables development and testing teams to improve the quality of their Microsoft ASP.Net Web applications by quickly locating and fixing security vulnerabilities early in the application life cycle, saving time and money.

DevPartner SecurityChecker helps organizations secure applications by automatically identifying security vulnerabilities through a combination of white-box (code scanning and run-time analysis) and black-box (penetration testing) testing techniques and pinpoints the location of the vulnerability in source code, according to John Carpenter, the tools product manager.

/zimages/2/28571.gifClick here to read about Compuwares enhancements to its application quality solutions.

New features include full integration with Visual Studio 2005 and the Microsoft .Net Framework 2.0. Other features include the reduction of false positive reporting; improvements to creating and managing discovery maps; and improvements to existing SQL Injection, Cross-Site Scripting (XSS) and Parameter Tampering vulnerability detection, Carpenter said. A discovery map tells where all the security features are in your application, said Ken Cowan, DevPartner product line manager.

In addition, DevPartner SecurityChecker 2.0 includes 30 new integrity rules, including rules for finding Google hacking vulnerabilities such as pages containing configuration information, hidden content, error information and points of entry; hidden developer information that can be unlocked and viewed by an attacker, like debugging data; examining HTTP headers for cookie and page caching vulnerabilities; and exploiting a vulnerability to bypass the default ASP.Net validation procedure that allows an application to be vulnerable to XSS attacks, Carpenter said.

Meanwhile, the Compuware Security Assessment for ASP.Net applications enables a technician to review the identified application and then perform a security assessment using Compuware DevPartner SecurityChecker, applying three analysis modes to the application. These modes will focus on code-base analysis, run-time analysis and simulation of attacks from a hackers point of view.

/zimages/2/28571.gifCheck out eWEEK.coms for the latest news, reviews and analysis in programming environments and developer tools.