News
SPI Dynamics Bolsters Web 2.0 App Testing
SPI Dynamics WebInspect 7 tests fully secure Web applications.
Application testing has always been a difficult business, but in the age of continuously updated, network-facing Web applications, it's become nearly impossible. Frequent code changes, shifting client and network conditions, and the need for always-on operation make inspecting application code for flaws and vulnerabilities a difficult task.
SPI Dynamics, makers of the app development package DevInspect, last month released a new product and technology platform targeting Web applications. WebInspect 7 provides visibility into Web 2.0 applications employing technologies such as AJAX, JavaScript, Flash and SOAP to automate code scanning and report flaws in real time. Support for two-factor authentication allows WebInspect to fully test secure Web applications, including those employing CAPTCHA-based authentication.
WebInspect 7 includes numerous performance-related enhancements, most notably Simultaneous Crawl and Audit (SCA), which enables the code crawl and audit stages to be run in parallel. SPI Dynamics claims that SCA can deliver results to analysts within seconds of beginning an application scan, while cutting total scan times in half. The new product also supports concurrent scans across multiple applications.
Improving Adoption, Growing Compliance
The arrival of testing products designed specifically for Web 2.0 apps could help improve adoption of technologies like AJAX and Flash among corporate development shops. According to a recent study by Forrester Research, corporate developers have been slow to deploy Web 2.0 technologies. In a survey of enterprise and small to midsize business (SMB) technology decision makers, Forrester found that just 1 percent of enterprise shops and 5 percent of SMB shops reported deploying AJAX applications. Reported adoption of Adobe Flash and Flex was also low, with 1 percent of enterprises and 10 percent of SMBs reporting use of these development technologies.
WebInspect 7 also boasts a refreshed interface and tools for tuning scans to specific needs, including the growing area of compliance. The product includes more than 20 pre-built policies tuned for compliance initiatives such as HIPAA and Sarbanes-Oxley. Analysts can also edit or create policy profiles. WebInspect can export results to standard formats such as XML, HTML and PDF.
Phoenix Rising
Behind many of the improvements in WebInspect 7 is SPI Dynamics' newly minted Phoenix architecture, which the company says will become the foundation for other SPI test-related products, including DevInspect and QAInspect. Phoenix provides a common scanning and audit engine for SPI Dynamics products, and includes SCA.
WebInspect 7 is available under a single server perpetual license (about $6,000) and a perpetual user license (about $25,000). A free 15-day trial is available for download at the company's Web site.
About the Author
Michael Desmond is an editor and writer for 1105 Media's Enterprise Computing Group.