There are three sources of application defects:
- External: Common Web Vulnerabilities (CWVs) are the result of flawed programming or misconfiguration of third-party software (e.g., web servers and CGI scripts)
- Internal: Application-Specific Vulnerabilities (ASVs) are created during application design and development
- Cross-Platform: XML/SOAP-related vulnerabilities can be caused by external factors, internal factors, or XML/SOAP-specific vulnerabilities.
Today, companies must identify security defects in their applications in every case, but how and when they do so depends entirely on the source of the defects. Catching and fixing ASVs during the development and testing of applications dramatically reduces the cost of fixing these types of security defects. One estimate is that it costs seven times more to fix a defect once the application has been deployed than it would have if the defect had been caught during pre-deployment testing.
Integrating AppScan 4.0 into existing testing processes is simple because:
- AppScan 4.0 creates, modifies, and manages tests automatically
- AppScan 4.0 is scriptable so that testers can build security testing into existing test scripts
- AppScan 4.0's results can be exported in standard formats like CSV for import into third-party defect reporting and management systems.
In short, the least expensive and most effective way to eliminate application security defects is to catch them as early as possible. To this end, AppScan 4.0 integrates into any application development and testing process in order to catch ASVs and enable developers to fix them before it gets exponentially more expensive and more risky to do so. Finally, cross-platform vulnerabilities resulting from XML/SOAP applications can be discovered through AppScan 4.0's newly updated ability to detect and flag XML/SOAP vulnerabilities, whether simple or complex.