Sanctum focuses on QA, Web services with Appscan

Sanctum Inc. announced new versions of its vulnerability testing tool that are targeted at quality assurance (QA) engineers and those who perform software security audits of Web services deployments, the company said.

Unveiled on Monday, AppScan 4.0 QA Edition and AppScan 4.0 Audit Edition will fill out Sanctum's suite of application vulnerability testing tools, joining AppScan DE (developer edition).

The new products are targeted at companies that are investing in Web services technology, at the same time as they are under pressure from regulators to protect the privacy of employees and customers and ensure data integrity, according to Diane Fraiman, vice president of marketing at Sanctum of Santa Clara, California.

Web services use open standards such as XML (Extensible Markup Language) and SOAP (Simple Object Access Protocol) to deliver business applications and services over corporate intranets or the public Internet.

That openess has made Web services an area of concern for companies in industries such as health care and financial services, which are wary of running afoul of recent legislation such as the Health Insurance Portability and Accountability Act of 1996 and the Graham Leach Bliley Act.

The new editions of the AppScan suite offer a number of new features that extend the product's automated testing features to QA engineers, according to Sanctum.

Those features include application change (or "delta") analysis of Web sites. That enables QA engineers to create a snapshot of a Web site that acts as a baseline for testing, then track changes in the type and causes of vulnerabilities as the site develops, Sanctum said.

A new automated-results analysis feature enables engineers to create visual representations of problem areas and explore vulnerabilities, sketching out worst case scenarios for security holes, the company said.

AppScan 4.0 QA Edition also comes with new APIs (application program interfaces) that allow the product to plug in to popular testing platforms. New CLIs (command line interfaces) enable QA engineers to tie AppScan 4.0 directly into existing test scripts, Sanctum said.

In AppScan 4.0 Audit Edition, Sanctum added new tests for security vulnerabilities that will be useful to engineers testing software applications that use XML and SOAP, the company said.

AppScan 4.0 also includes tests for vulnerabilities in common Web services development platforms like .NET from Microsoft Corp., WebSphere from IBM Corp. and Sun Microsystems Inc.'s Sun One, Sanctum said.

While there have been few changes to the underlying AppScan test engine, the new features and functionality extend the product's appeal from software developers through to the people who test developer code and audit software applications for security vulnerabilities, according to Fraiman.

Previous versions of AppScan lacked key features, such as delta analysis, that are common tools among QA engineers, she said.

Sanctum was unable to provide customer references for the new AppScan products in time for this article.

However, the company claims that, together with AppScan DE and AppShield, AppScan 4.0 QA Edition will improve the ability of software companies to test for, identify and remove software vulnerabilities, Fraiman said.

The AppScan 4.0 suite will be available to customers starting in early September.

Companies can purchase an annual subscription license for AppScan 4.0 for US$15,000, the company said.

Perpetual licenses are also available with software updates available for customers who maintain an annual maintenance agreement, Sanctum said. Pricing for the perpetual license program was not available, however.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Paul Roberts

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?