Upstart Makes Case For Proactive Security


WebInspect 6.0 is diagnostic software that scans Websites, identifies vulnerabilities to attacks using techniques such as cross site scripting and code injection, and produces a report outlining where security holes are and how to fix them, according to Caleb Sima, CTO and founder of Atlanta-based SPI Dynamics.

WebInspect's assessment and auditing is powered by a proprietary technology called Intelligent Engines, which significantly increases accuracy by mimicking methods commonly employed by hackers, Sima said. "We emulate how a hacker would look at your Website, which allows us to be faster and extremely accurate," said Sima, adding that the software's false positive rate is "close to zero."

SPI Dynamics also introduced DevInspect 2005, a source code analysis application that integrates with Microsoft Visual Studio 2005.

DevInspect combines source code analysis with black box testing (a method that examines the specifications of software without having knowledge of the internal structure) in order to diagnose and identify exploitable flaws early in the development process, Sima said. DevInspect includes a feature that replaces bad code with good code and shows developers which changes are being made, he added.


"We've built in source code analysis to identify attack surfaces, and then use black box testing to determine what is really exploitable," Sima said.
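The two-stage approach Sima describes (static analysis to find candidate attack surfaces, then a black box probe to decide which are really exploitable) can be illustrated with a small self-contained script. This is an added example, not SPI Dynamics' code and not how DevInspect works internally; the mini "web framework" (a handler that takes a dict of query parameters and returns an HTML string), the three sample handlers and the probe marker are all constructed for the demonstration.

```python
"""Constructed example: static scan for candidate sinks, then a dynamic
probe that confirms whether each candidate is actually exploitable."""
import ast
import html
from typing import Callable, Dict, List

# Constructed sample handlers. Each takes a dict of query parameters and
# returns an HTML string (a hypothetical minimal framework, not a real one).
VULNERABLE_SRC = '''
def greet(params):
    name = params.get("name", "")
    return "<h1>Hello " + name + "</h1>"
'''

# Reads the parameter directly (static scan flags it) but escapes it later,
# so the candidate is not actually exploitable: a static false positive.
LATE_ESCAPE_SRC = '''
import html
def greet(params):
    name = params.get("name", "")
    safe = html.escape(name)
    return "<h1>Hello " + safe + "</h1>"
'''

# Escapes at the point of input; the static scan finds no candidate.
HARDENED_SRC = '''
import html
def greet(params):
    name = html.escape(params.get("name", ""))
    return "<h1>Hello " + name + "</h1>"
'''

# Benign marker: contains angle brackets so escaping is observable, but no
# script or event handler, so it only tests whether markup is reflected.
MARKER = "zqx<probe>zqx"


def static_attack_surface(source: str) -> List[str]:
    """Stage 1 (source code analysis): names assigned straight from a
    .get(...) call on the parameter dict. These are candidate attack
    surfaces only; the scan cannot tell whether they reach the response."""
    candidates = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign) or not isinstance(node.value, ast.Call):
            continue
        func = node.value.func
        if isinstance(func, ast.Attribute) and func.attr == "get":
            candidates.extend(t.id for t in node.targets if isinstance(t, ast.Name))
    return candidates


def dynamic_confirm(handler: Callable[[Dict[str, str]], str], param: str) -> bool:
    """Stage 2 (black box): call the handler with the marker and report True
    only if it comes back with its angle brackets intact, i.e. the input is
    reflected into the response as markup rather than as text."""
    body = handler({param: MARKER})
    return MARKER in body


def load_handler(source: str, name: str = "greet") -> Callable:
    """Load a handler from its source text (constructed helper)."""
    namespace: dict = {}
    exec(source, namespace)
    return namespace[name]


def assess(source: str, param: str = "name") -> dict:
    """Run both stages and report candidates plus whether any is confirmed."""
    candidates = static_attack_surface(source)
    exploitable = dynamic_confirm(load_handler(source), param)
    return {"candidates": candidates, "exploitable": exploitable}


if __name__ == "__main__":
    for label, src in [("vulnerable", VULNERABLE_SRC),
                       ("late escape", LATE_ESCAPE_SRC),
                       ("hardened", HARDENED_SRC)]:
        print(label, assess(src))
```

The middle case is the one the article is about: the static pass flags `name` in both the vulnerable and the late-escape handler, and only the dynamic probe separates the real flaw from the false positive.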

Terry Kurzynski, Managing Partner of Remington Associates, a solution provider in Schaumburg, Ill., says there's a need for tools that can identify vulnerabilities and reduce the number of false positives in the software auditing process.

"Source code analysis saves companies a lot of time by finding problems early and enables them to put out more secure applications and code," said Kurzynski, who estimates that about half of his clients have a "significantly high" number of vulnerabilities in their Web applications.

In addition to a direct sales team, SPI has a nascent channel program that in 2005 brought in about 35 percent of the vendor's revenue, said Sima. Plans are to increase channel ranks by enlisting companies interested in adding WebInspect and DevInspect to their product portfolios, Sima added.