AppScan 4.5 QA and Audit Edition includes automatic testing of application-specific vulnerabilities related to Web services applications incorporating XML and SOAP.
In addition, a suite of privacy tests has been added that can detect whether a login request, password or input text field with sensitive data was sent unencrypted, whether a cookie was sent over SSL without the "secure" attribute, or whether sensitive session information was stored in a permanent cookie on disk.
Also, advanced fix recommendations have been added for .NET and J2EE applications, and more built-in templates are included to help automate compliance with U.S. regulations and European Union directives.
A new reporting feature consolidates test results into collapsible and expandable groups, organized by the name of the test and the link, so that results can be understood more quickly.
"Customers are telling us they want as much control over what they test and when they test as possible," says Diane Fraiman, vice president of marketing with Sanctum. "We continue to give them more power over what tests they can turn on and off."
For example, testing of login/logout pages can present obstacles related to session management. AppScan 4.5 provides an option to exclude or include the login/logout pages as appropriate during an automated testing cycle. Those pages can be tested manually at a later time.
AppScan 4.5, sold as either a standalone subscription or a perpetual license, starts at $15,000 for a single user for a one-year subscription. An AppScan Enterprise perpetual software license, allowing a mix of AppScan editions for developers, QA testers and auditors, starts at $75,000.00.