SPI Dynamics takes aim at Web vulnerabilities

SPI Dynamics Incorporated has released two new products that automatically protect Web applications that use Asynchronous JavaScript and XML (AJAX), a popular new technology found in Google Maps and other applications.

AJAX enables users to run Java in their client browsers, removing the need to reload Web pages when new information is requested, said Caleb Sima, founder and CTO. That capability adds new attack vectors by exposing parts of back-end applications that were not vulnerable before, he said.

'AJAX represents the future of Web application technology,' said Erik Peterson, VP of product management. 'SPI Dynamics believes that by the end of 2006, 30 percent of all Web applications will be AJAX-based.'

SPI's WebInspect 5.8 crawls Web applications similar to how network scanners for servers work, Sima said. It looks for holes in Web applications and creates security checks based on its own penetration testing and other daily updates from the company.

The company's Assessment Management Platform (AMP) 2.0 product enables WebInspect users to scale the program enterprisewide. AMP 2.0 enforces security policies, automates application assessment and acts as a command-and-control center for application security, he said.

The programs' scalability and control appeal to federal government customers, Sima said. SPI Dynamics has several government customers, including eight or nine three-letter agencies, he said.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected