Watchfire's AppScan, a simple and effective tool for assessing the security profile of Web Services applications, earns excellent marks, especially for capabilities that are easy to include in each phase of the development process. Such capabilities help identify and reduce risk before problems cause substantial damage. AppScan finds vulnerabilities through a three-phase approach consisting of Explore, Analyze, and Test functions. In Explore, AppScan interacts with the Web services by sending SOAP Web services requests and receiving responses. During Test, AppScan submits multiple requests to the application based on the Explore results, and the Scan phase executes. Topics covered include the creation and execution of tests and the test catalog. The catalog's categories include privacy, authentication, authorization, client side, command execution, information disclosure, and logical. Testers found AppScan very useful for everyday development work: for instance, AppScan tests can be included in night-time tasks and milestone builds, with the results used to find and fix problems before they reach formal testing. AppScan lets users carefully protect corporate assets and meet regulatory requirements governing the collection, utilization, and publication of data.