From Dark Reading:
IBM today will release a new version of the Watchfire AppScan vulnerability scanning tool that can test for the pervasive cross-site request forgery (CSRF) vulnerability found in many Web applications.
The Rational AppScan Standard Edition 7.7 represents the first new release of the Web app security scanning tool since IBM acquired Watchfire in July. (See IBM to Enter Web App Security.) It’s been a big month for IBM in security — the company rocked the industry last week with an announcement that it will invest a whopping $1.5 billion in security next year.
The AppScan vulnerability scanner — which finds and reports on Web application security vulnerabilities — is now also aimed at non-security experts. “In the past, our audience has been only security experts, but we’re seeing application security become a more mainstream issue,” says Mike Weider, CTO and director of R&D for Watchfire, an IBM company. “The QA [quality assurance] engineer is not only doing functional testing, but also doing security testing as well.”
AppScan comes with several built-in features aimed at making it easier to use for non-security pros, with more user-friendly reporting features, as well as built-in, Web-based app security training and courseware. The new State Inducer feature, for instance, helps testers automatically scan applications that have multi-step processes, such as an online ordering app with shopping cart and checkout features. Security pros previously have had to manually test each of these processes, according to IBM.