SPI Tool Measures Web App Security Risk

As enterprises increasingly move to Web-based applications, SPI's AMP 2.0 helps them stay on top of vulnerabilities.

SPI Dynamics Inc. unveiled Monday a management platform for measuring Web application security risk.

AMP (Assessment Management Platform) 2.0 consolidates network scanning across enterprise networks and adds features like scheduling for Web application scans, user role-based access control and auditing, said Erik Peterson, SPI Dynamics vice president of product marketing.

AMP works with SPI's WebInspect Web application security scanning software. Using a dedicated AMP server, companies can centralize management of WebInspect scanners. A SQL database on the AMP server collects Web application scan data and allows managers to do application risk assessment. Data collected offline by WebInspect scanners can also be synchronized with AMP once the device comes online. In addition, AMP can discover unknown Web applications running on an enterprise network, Peterson said.

SPI is planning to extend AMP support to its QAInspect and DevInspect Web application security products. That would enable the new platform to be used to track Web application security for an entire development cycle, through quality assurance and into production, Peterson said.

Once the province of security specialists, Web application security is becoming a pressing topic for network administrators, as well as development teams, Peterson said.


Enterprises are aggressively pursuing Web services implementations for critical business applications. At the same time, major IT vendors like Google and Microsoft are shifting to a "software as a service" model that relies heavily on Web-enabled applications that run over the public Internet. Both trends increase companies' exposure to Web application security vulnerabilities, said Caleb Sima, founder of SPI.

In a separate announcement, SPI said that a new version of WebInspect, Version 5.8, supports automated security assessments of Web applications that use AJAX (Asynchronous JavaScript and XML) technology, a fast-growing new development tool that enables Web applications like Google's Google Maps service.

AMP 2.0 is available immediately; pricing starts at $60,000. AMP support for QAInspect and DevInspect is scheduled for 2006, Peterson said.

Check out eWEEK.com for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.