SPI Dynamics takes aim at Web vulnerabilities

SPI Dynamics Incorporated has released two new products that automatically protect Web applications that use Asynchronous JavaScript and XML (AJAX), a popular new technology found in Google Maps and other applications.

AJAX enables users to run Java in their client browsers, removing the need to reload Web pages when new information is requested, said Caleb Sima, founder and CTO. That capability adds new attack vectors by exposing parts of back-end applications that were not vulnerable before, he said.

'AJAX represents the future of Web application technology,' said Erik Peterson, VP of product management. 'SPI Dynamics believes that by the end of 2006, 30 percent of all Web applications will be AJAX-based.'

SPI's WebInspect 5.8 crawls Web applications similar to how network scanners for servers work, Sima said. It looks for holes in Web applications and creates security checks based on its own penetration testing and other daily updates from the company.

The company's Assessment Management Platform (AMP) 2.0 product enables WebInspect users to scale the program enterprisewide. AMP 2.0 enforces security policies, automates application assessment and acts as a command-and-control center for application security, he said.

The programs' scalability and control appeal to federal government customers, Sima said. SPI Dynamics has several government customers, including eight or nine three-letter agencies, he said.

inside gcn

  • Congressman sees broader role for DHS in state and local cyber efforts

    Automating the ATO

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group