(SYS-CON Media) - S.P.I. Dynamics, provider of web application security software and services, announced the company's Phoenix architecture - the first and only technology able to analyze complex Web 2.0 applications to reveal previously undetectable vulnerabilities.

Today's web applications are complex and dynamic; combining client and server side processing with Web 2.0 technologies such as AJAX, SOAP, SOA and Flash. Traditional application scanners fail to discover security vulnerabilities exposed by use of these new technologies, resulting in high false negatives rates. The new web requires a fundamental revolution in assessment technology.

"Anyone developing web applications today should incorporate new Web 2.0 technologies to improve user experience and satisfy customer requirements," said Caleb Sima, co-founder and CTO, SPI Dynamics. "But implementation of these new technologies is a double-edged sword, creating enormous new attack surfaces that leave web applications more exposed than ever before. Leveraging our Phoenix architecture, SPI Dynamics is the first company to provide an automated web application security tool that can discover vulnerabilities in today's web applications. We are pleased to provide another leading innovation from SPI Dynamics to continue to ensure our customers receive the best and broadest web application security coverage."

The Phoenix architecture will provide the foundation for SPI Dynamics' entire product line, enabling faster, more accurate scans and facilitating analysis of the new dynamic technologies typically associated with Web 2.0. The first SPI Dynamics' product to utilize the Phoenix architecture is WebInspect 7.

The new Phoenix architecture enables:

- Faster Scans, More Accurate Results - SPI Dynamics' new patent-pending simultaneous crawl and audit (SCA) technology combines the application crawl and audit into a single fluid process. By conducting these activities in parallel instead of sequentially, scan times are reduced by 50 percent or more.
- Immediate Results - This new auditing approach provides results to the tester within seconds of starting an assessment and continues to report in real time throughout the scan.
- Broader Coverage, Reduced False Negatives - WebInspect 7 includes intelligent scanning engines capable of analyzing complex Web 2.0 technologies to provide broader testing coverage than possible with earlier legacy scanning architectures. WebInspect 7 exposes application logic that was previously hidden, revealing security vulnerabilities undetectable through automated security testing.
- Simultaneous Scans - Users can now launch and manage multiple concurrent scans, greatly increasing testing throughput with WebInspect 7.
- Advanced Authentication Management - New automated mechanisms eliminate the complexities of authentication even with applications using advanced technologies such as two-factor authentication or CAPTCHA. WebInspect 7 can both authenticate with secure web applications and detect when re-authentication is required. This is essential to ensure complete coverage.
- Support for IPv6 - WebInspect 7 is ready for the future Internet with full support for IPv6.