Watchfire Releases Web-Based Security Scanning Tool

CTO sees a push to find flaws early in the software development lifecycle.

Watchfire has released a new vulnerability scanning and reporting tool aimed at finding security flaws early in the software development lifecycle.

AppScan Enterprise 5 features Web-based scanning and on-demand training designed to simplify application security for developers, Watchfire officials said.

The product can be installed on a central server, making it easy for companies with a large workforce to deploy and monitor, Watchfire CTO and founder Michael Weider said in an interview with eWeek.

"It's way easier for companies to deploy because it's all thin client over the Web," Weider said.


The new release features QuickScan, Watchfire's answer to the call for simplified security products. QuickScan requires no desktop software installation—developers need only point and shoot the Web-based QuickScan at their application. QuickScan relies on administrator-defined scan templates, and results are presented in a "Developer Task List" format.

In addition, AppScan Enterprise 5 allows application vulnerabilities to be correlated with source code issues uncovered by Fortify Software's SCA Suite. The integrated scan results eliminate the burden of having to weed through voluminous code scan results to ascertain what needs to be fixed, Watchfire officials said.

More and more developers, Weider said, are taking an interest in doing their own testing—a fact that can only create stronger products. Still, many developers do not have strong backgrounds in application security and 90 percent of applications fail at the security test phase, he said. Many developers also have only a small staff to attend to the issue, he argued.

"Typically their security teams are very small—and there's only sort of two to three people on the security team and they just can't test all of the applications themselves without getting some help from other folks because there may be hundreds of applications, or even thousands," he explained.

"But if I can get Deb in QA to find these problems before it gets to (security analysts), I will have way less applications fail at the security test phase," he said.
