SPI Dynamics Inc. unveiled Monday a management platform for measuring Web application security risk.
AMP (Assessment Management Platform) 2.0 consolidates network scanning across enterprise networks and adds features like scheduling for Web application scans, user role-based access control and auditing, said Erik Peterson, SPI Dynamics vice president of product marketing.
AMP works with SPIs WebInspect Web application security scanning software. Using a dedicated AMP server, companies can centralize management of WebInspect scanners. A SQL database on the AMP server collects Web application scan data and allows managers to do application risk assessment. Data collected offline by WebInspect scanners can also be synchronized with AMP once the device comes online. In addition, it can discover unknown Web applications running on an enterprise network, Peterson said.
SPI is planning to extend AMP support to its QAInspect and DevInspect Web application security products. That would enable the new platform to be used to track Web application security for an entire development cycle, through quality assurance and into production, Peterson said.
Once the province of security specialists, Web application security is becoming a pressing topic for network administrators, as well as development teams, Peterson said.
Enterprises are aggressively pursuing Web services implementations for critical business applications. At the same time, major IT vendors like Google and Microsoft are shifting to a “software as a service” model that relies heavily on Web-enabled applications that run over the public Internet. Both trends increase companies exposure to Web application security vulnerabilities, said Caleb Sima, founder of SPI.
AMP 2.0 is available immediately; pricing starts at $60,000. AMP support for QAInspect and DevInspect is scheduled for 2006, Peterson said.