Sanctum Inc. announced new versions of its vulnerability testing tool that are targeted at quality assurance (QA) engineers and those who perform software security audits of Web services deployments, the company said.
Unveiled on Monday, AppScan 4.0 QA Edition and AppScan 4.0 Audit Edition will fill out Sanctum's suite of application vulnerability testing tools, joining AppScan DE (developer edition).
The new products are targeted at companies that are investing in Web services technology, at the same time as they are under pressure from regulators to protect the privacy of employees and customers and ensure data integrity, according to Diane Fraiman, vice president of marketing at Sanctum of Santa Clara, California.
Web services use open standards such as XML (Extensible Markup Language) and SOAP (Simple Object Access Protocol) to deliver business applications and services over corporate intranets or the public Internet.
That openess has made Web services an area of concern for companies in industries such as health care and financial services, which are wary of running afoul of recent legislation such as the Health Insurance Portability and Accountability Act of 1996 and the Graham Leach Bliley Act.
The new editions of the AppScan suite offer a number of new features that extend the product's automated testing features to QA engineers, according to Sanctum.
Those features include application change (or "delta") analysis of Web sites. That enables QA engineers to create a snapshot of a Web site that acts as a baseline for testing, then track changes in the type and causes of vulnerabilities as the site develops, Sanctum said.
A new automated-results analysis feature enables engineers to create visual representations of problem areas and explore vulnerabilities, sketching out worst case scenarios for security holes, the company said.
AppScan 4.0 QA Edition also comes with new APIs (application program interfaces) that allow the product to plug in to popular testing platforms. New CLIs (command line interfaces) enable QA engineers to tie AppScan 4.0 directly into existing test scripts, Sanctum said.
In AppScan 4.0 Audit Edition, Sanctum added new tests for security vulnerabilities that will be useful to engineers testing software applications that use XML and SOAP, the company said.
AppScan 4.0 also includes tests for vulnerabilities in common Web services development platforms like .NET from Microsoft Corp., WebSphere from IBM Corp. and Sun Microsystems Inc.'s Sun One, Sanctum said.
While there have been few changes to the underlying AppScan test engine, the new features and functionality extend the product's appeal from software developers through to the people who test developer code and audit software applications for security vulnerabilities, according to Fraiman.
Previous versions of AppScan lacked key features, such as delta analysis, that are common tools among QA engineers, she said.
Sanctum was unable to provide customer references for the new AppScan products in time for this article.
However, the company claims that, together with AppScan DE and AppShield, AppScan 4.0 QA Edition will improve the ability of software companies to test for, identify and remove software vulnerabilities, Fraiman said.
The AppScan 4.0 suite will be available to customers starting in early September.
Companies can purchase an annual subscription license for AppScan 4.0 for US$15,000, the company said.
Perpetual licenses are also available with software updates available for customers who maintain an annual maintenance agreement, Sanctum said. Pricing for the perpetual license program was not available, however.