Welcome!

Microservices Expo Authors: Elizabeth White, Pat Romanski, Liz McMillan, Yeshim Deniz, Zakia Bouachraoui

Related Topics: Microservices Expo

Microservices Expo: Article

Compuware Improves Security of Web Applications

Compuware Corporation announces the general availability of Compuware DevPartner SecurityChecker 2.0

Compuware Corporation announced the general availability of Compuware DevPartner SecurityChecker 2.0. This new version of Compuware's security analysis tool offers full integration with Microsoft Visual Studio 2005, enabling development and testing teams to improve the quality of their Microsoft ASP.NET Web applications by quickly locating and fixing security vulnerabilities early in the application life cycle, saving time and money. Compuware also announced a new services offering to help organizations improve application security.

"Microsoft is pleased that DevPartner SecurityChecker 2.0 supports and integrates with Visual Studio 2005," said Rick Samona, product manager of the .NET Developer Product Marketing Group at Microsoft Corp. "With application security becoming such a critical concern for IT organizations, DevPartner SecurityChecker helps development and testing teams locate and identify security vulnerabilities to secure their applications from attacks."

DevPartner SecurityChecker is a security assessment tool that accelerates the development of secure ASP.NET applications. DevPartner SecurityChecker helps efficiently achieve application security by automatically identifying security vulnerabilities through a combination of both white-box (code scanning and run-time analysis) and black-box (penetration testing) testing techniques and pinpoints the location of the vulnerability in source code. By automating the security vulnerability detection process, DevPartner SecurityChecker helps developers deliver secure ASP.NET Web applications on time and on budget.

"Seventy-five percent of application attacks occur at the application level. Security is another facet of quality and like quality, security must be built into the application, not tested at the end of the development cycle," said Theresa Lanowitz, Research Director at Gartner, Inc., in her report. "In today's IT organization, new issues such as compliance, regulations, risk management and ever-changing priorities are increasing the focus on application security. Information, plans and requirements regarding security must begin at the application level."

New features and enhancements in DevPartner SecurityChecker 2.0 include:

-Full integration with Visual Studio 2005 with the Microsoft .NET Framework 2.0.
-Reduction of false positive reporting.
-Improvements for creating and managing discovery maps.
-Improvements to existing SQL Injection, Cross-Site Scripting (XSS), and Parameter Tampering vulnerability detection.
-Thirty new Integrity rules, including rules for finding:

            a). Google Hacking vulnerabilities such as pages containing configuration information, hidden content, error information, and points of entry.
            b). Hidden developer information that can be unlocked and viewed by an attacker, like debugging data.
            c). Examining HTTP headers for cookie and page caching vulnerabilities.
            d). Exploiting a vulnerability to bypass the default ASP.NET validation procedure that allows an application to be vulnerable to Cross-Site Scripting (XSS) attacks.

"DevPartner SecurityChecker 2.0 helps me and my development team find and fix vulnerabilities in our ASP.NET applications," said beta tester, Bernd Oerding, Head of Development CAD/GIS at HHK Datentechnik GmbH. "With DevPartner SecurityChecker 2.0, we were able to check our code and see all of the errors and possible security risks as well as get detailed information on how to address and resolve the security issues, helping to improve the overall code quality and security of our applications."

Compuware also offers a Security Assessment for ASP.NET applications to those organizations that require specific expertise. This service offering combines the proficiency of Compuware IT professionals with the strengths of DevPartner SecurityChecker, allowing IT and development staffs to accurately assess the security vulnerabilities of an ASP.NET application. Through this service offering, a Compuware technician will review the identified application and then perform a security assessment using Compuware DevPartner SecurityChecker, applying three analysis modes to the application. These modes will focus on code-base analysis, run-time analysis and simulation of attacks from a hacker's point of view. The Compuware consultant will then deliver a detailed report to the customer that the customer can use to investigate and correct found vulnerabilities.

"DevPartner SecurityChecker squarely addresses one of the growing concerns of our customers: application security," said Bob Barker, Vice President of Strategic Planning at Compuware Corporation. "By employing DevPartner SecurityChecker, IT managers ensure that their teams are taking the appropriate measures to mitigate the business risk associated with Web application vulnerabilities."

DevPartner SecurityChecker 2.0 is currently available and shipping at a U.S. list price of $12,000 per concurrent user. Volume discounts are available.

Other Compuware products that currently support Visual Studio 2005 are DevPartner Studio 8.0 and DevPartner Fault Simulator 1.5. In Spring 2006, Compuware plans to release the next version of its functional testing tool, Compuware TestPartner, which will support and integrate with Microsoft Visual Studio 2005 Team System. Compuware will demonstrate all of these solutions at the VSLive! San Francisco Conference (booth #706).

Compuware Quality Solutions across the application life cycle enable enterprises to build, test and manage high-quality applications using Microsoft, Java, mainframe and Web technologies. These solutions work together to deliver value to enterprises that depend upon mission-critical applications to remain competitive in increasingly complex and demanding business environments.

More Stories By SOA News Desk

SOA World Magazine News Desk trawls the world of distributed computing and SOA-related developments for the latest word on technologies, standards, products, and services and brings key information to you in a timely and convenient summary form.

Comments (3) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
SYS-CON Brazil News Desk 01/30/06 07:57:52 PM EST

Compuware Corporation announced the general availability of Compuware DevPartner SecurityChecker 2.0. This new version of Compuware's security analysis tool offers full integration with Microsoft Visual Studio 2005, enabling development and testing teams to improve the quality of their Microsoft ASP.NET Web applications by quickly locating and fixing security vulnerabilities early in the application life cycle, saving time and money. Compuware also announced a new services offering to help organizations improve application security.

SYS-CON Australia News Desk 01/30/06 07:13:10 PM EST

Compuware Corporation announced the general availability of Compuware DevPartner SecurityChecker 2.0. This new version of Compuware's security analysis tool offers full integration with Microsoft Visual Studio 2005, enabling development and testing teams to improve the quality of their Microsoft ASP.NET Web applications by quickly locating and fixing security vulnerabilities early in the application life cycle, saving time and money. Compuware also announced a new services offering to help organizations improve application security.

SYS-CON Australia News Desk 01/30/06 03:56:06 PM EST

Compuware Corporation announced the general availability of Compuware DevPartner SecurityChecker 2.0. This new version of Compuware's security analysis tool offers full integration with Microsoft Visual Studio 2005, enabling development and testing teams to improve the quality of their Microsoft ASP.NET Web applications by quickly locating and fixing security vulnerabilities early in the application life cycle, saving time and money. Compuware also announced a new services offering to help organizations improve application security.

Microservices Articles
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
In his session at 20th Cloud Expo, Scott Davis, CTO of Embotics, discussed how automation can provide the dynamic management required to cost-effectively deliver microservices and container solutions at scale. He also discussed how flexible automation is the key to effectively bridging and seamlessly coordinating both IT and developer needs for component orchestration across disparate clouds – an increasingly important requirement at today’s multi-cloud enterprise.
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
Most DevOps journeys involve several phases of maturity. Research shows that the inflection point where organizations begin to see maximum value is when they implement tight integration deploying their code to their infrastructure. Success at this level is the last barrier to at-will deployment. Storage, for instance, is more capable than where we read and write data. In his session at @DevOpsSummit at 20th Cloud Expo, Josh Atwell, a Developer Advocate for NetApp, will discuss the role and value...
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term.
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
Enterprise architects are increasingly adopting multi-cloud strategies as they seek to utilize existing data center assets, leverage the advantages of cloud computing and avoid cloud vendor lock-in. This requires a globally aware traffic management strategy that can monitor infrastructure health across data centers and end-user experience globally, while responding to control changes and system specification at the speed of today’s DevOps teams. In his session at 20th Cloud Expo, Josh Gray, Chie...
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true ...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this session we'll describe best practices for "configuration as code" in a Kubernetes environment. We will demonstrate how a properly constructed containerized app can be deployed to both Amazon and Azure ...
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is foundational - something customers routinely cite as a top pain point. In his session at @DevOpsSummit at 21st Cloud Expo, Bill Borsari, Head of Systems Engineering at Datera, explored how organizations can reap the bene...