SPI Dynamics takes aim at Web vulnerabilities
- By Michael Arnone
- Jan 18, 2006
AJAX enables users to run Java in their client browsers, removing the need to reload Web pages when new information is requested, said Caleb Sima, founder and CTO. That capability adds new attack vectors by exposing parts of back-end applications that were not vulnerable before, he said.
'AJAX represents the future of Web application technology,' said Erik Peterson, VP of product management. 'SPI Dynamics believes that by the end of 2006, 30 percent of all Web applications will be AJAX-based.'
SPI's WebInspect 5.8 crawls Web applications similar to how network scanners for servers work, Sima said. It looks for holes in Web applications and creates security checks based on its own penetration testing and other daily updates from the company.
The company's Assessment Management Platform (AMP) 2.0 product enables WebInspect users to scale the program enterprisewide. AMP 2.0 enforces security policies, automates application assessment and acts as a command-and-control center for application security, he said.
The programs' scalability and control appeal to federal government customers, Sima said. SPI Dynamics has several government customers, including eight or nine three-letter agencies, he said.