Why Wait For Hackers?
EIT Toolkit: DevPartner SecurityChecker helps ASP.NET developers find potential security vulnerabilities in their code while they're still writing it.
Testing new applications for security weaknesses is a process that is often performed from the outside in. Security administrators and/or QA teams receive applications that are already in near-final form for testing, and they proceed to bombard them with various forms of hack attempts--either manually or systematically via specialized tools--in order to determine their vulnerabilities. Or, even worse, the product could be released with no such security testing done at all, relegating the vulnerability testing of the application to the actual attackers waiting to exploit its weaknesses. Needless to say, should vulnerabilities be discovered at this phase, it's too late: the barbarians have already breached the fortress. And even if you do have in-house black-box testing, vulnerabilities found at such a late stage in the development of the product can be costly, both in terms of the effort needed to correct the issues and the inevitable product delays.
Compuware this week released the latest version of its DevPartner SecurityChecker tool, which seeks to move the security testing of an application all the way back to the early development phase. The utility can be used for both white-box and black-box security testing of an application, with the white-box methods examining the code itself for security vulnerabilities and directly reporting the offending code for speedy remediation. Such inside-out testing helps the organization catch security vulnerabilities in its applications throughout the development process, from the moment the code can compile.
Among the other highlighted entries in this week's collection of Enterprise IT Planet Product Guide briefings is an EMC trifecta: Symmetrix DMX-3 will soon qualify for use with up to 2,400 drives (that's over a petabyte of disk storage); Centera debuts enhanced file retention capabilities in the Governance and Compliance Edition Plus versions; and for those of you who want NAS file access with SAN-like performance, the Celerra Multi-Path File System will soon be available for iSCSI implementations.
- DevPartner SecurityChecker
- SD4000 Series
- Celerra MPFS/MPFSi
Featured Security Products:
Assessment tool analyzes ASP.NET code for security vulnerabilities during the development cycle. New release adds over thirty new integrity checking rules and Visual Studio 2005 integration.
ForeScout Technologies, Inc.
Appliance-based platform provides agent-less Network Access Control, intrusion prevention, and vulnerability assessment capabilities. Now able to detect/disable rogue wireless access points.
GFI Software Ltd.
Server-based anti-spam filter for MS Exchange or SMTP/POP3 e-mail servers. Now with anti-phishing capabilities.
Featured Networking Products:
Devices provide the ability to remotely access a device over the Web, through the LAN, or via dial-up access. Includes tunneled VNC, RDP, and HTTP access capabilities.
Provides a centralized means for corporations to collect, store, and analyze asset information from individual workstations over the network.
Featured Storage Products:
Software platform for use with EMC Celerra gateways provides NAS-based file access from clients with SAN data delivery performance. Soon to be available for iSCSI.
Disk-based, Content Addressed Storage platforms for fixed content storage. Governance and Compliance versions now include enhanced retention capabilities including event-based retention and litigation holds.
High-end network storage arrays are based on the vendor's Direct Matrix Architecture. DMX-3 now qualified for up to 2,400 drives.
XML-based information storage and retrieval platform with multiple modules for both the capture and retrieval of data. New features include redaction capabilities and a Workflow Module.
This article was first published on EnterpriseITPlanet.com.