Welcome!

AJAX & REA Authors: John Funnell, Bob Little, Kevin Hoffman, Maureen O'Gara, Onkar Singh

Related Topics: AJAX & REA, Open Source

AJAX & REA: Article

SPI Dynamics Unveils Phoenix Architecture to Test Web 2.0 Technologies Such as AJAX

Phoenix Architecture Raises the Bar for Automated Web Application Security Testing and Tackles Growing Problem of False Negative

(SYS-CON Media) - S.P.I. Dynamics, provider of web application security software and services, announced the company's Phoenix architecture - the first and only technology able to analyze complex Web 2.0 applications to reveal previously undetectable vulnerabilities.

Today's web applications are complex and dynamic; combining client and server side processing with Web 2.0 technologies such as AJAX, SOAP, SOA and Flash. Traditional application scanners fail to discover security vulnerabilities exposed by use of these new technologies, resulting in high false negatives rates. The new web requires a fundamental revolution in assessment technology.

"Anyone developing web applications today should incorporate new Web 2.0 technologies to improve user experience and satisfy customer requirements," said Caleb Sima, co-founder and CTO, SPI Dynamics. "But implementation of these new technologies is a double-edged sword, creating enormous new attack surfaces that leave web applications more exposed than ever before. Leveraging our Phoenix architecture, SPI Dynamics is the first company to provide an automated web application security tool that can discover vulnerabilities in today's web applications. We are pleased to provide another leading innovation from SPI Dynamics to continue to ensure our customers receive the best and broadest web application security coverage."

The Phoenix architecture will provide the foundation for SPI Dynamics' entire product line, enabling faster, more accurate scans and facilitating analysis of the new dynamic technologies typically associated with Web 2.0. The first SPI Dynamics' product to utilize the Phoenix architecture is WebInspect 7.

The new Phoenix architecture enables:

- Faster Scans, More Accurate Results - SPI Dynamics' new patent-pending simultaneous crawl and audit (SCA) technology combines the application crawl and audit into a single fluid process. By conducting these activities in parallel instead of sequentially, scan times are reduced by 50 percent or more.
- Immediate Results - This new auditing approach provides results to the tester within seconds of starting an assessment and continues to report in real time throughout the scan.
- Broader Coverage, Reduced False Negatives - WebInspect 7 includes intelligent scanning engines capable of analyzing complex Web 2.0 technologies to provide broader testing coverage than possible with earlier legacy scanning architectures. WebInspect 7 exposes application logic that was previously hidden, revealing security vulnerabilities undetectable through automated security testing.
- Simultaneous Scans - Users can now launch and manage multiple concurrent scans, greatly increasing testing throughput with WebInspect 7.
- Advanced Authentication Management - New automated mechanisms eliminate the complexities of authentication even with applications using advanced technologies such as two-factor authentication or CAPTCHA. WebInspect 7 can both authenticate with secure web applications and detect when re-authentication is required. This is essential to ensure complete coverage.
- Support for IPv6 - WebInspect 7 is ready for the future Internet with full support for IPv6.

More Stories By RIA News Desk

Ever since Google popularized a smarter, more responsive and interactive Web experience by using AJAX (Asynchronous JavaScript + XML) for its Google Maps & Gmail applications, SYS-CON's RIA News Desk has been covering every aspect of Rich Internet Applications and those creating and deploying them. If you have breaking RIA news, please send it to RIA@sys-con.com to share your product and company news coverage with AJAXWorld readers.

Comments (1) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
ajax news desk 01/29/07 01:01:15 PM EST

S.P.I. Dynamics announced the company's Phoenix architecture - the first and only technology able to analyze complex Web 2.0 applications to reveal previously undetectable vulnerabilities.Today's web applications are complex and dynamic; combining client and server side processing with Web 2.0 technologies such as AJAX, SOAP, SOA and Flash.