The past few weeks saw the release of new products to protect
applications. Here's a look at some of those products.
New WhiteHat offerings enhance Web app vulnerability
assessment
WhiteHat Security Inc. has announced enhanced offerings of
WhiteHat Sentinel, its continuous vulnerability assessment and
management service for Web sites. The two new additions, WhiteHat
Satellite and the WhiteHat Web Services API, enable customers and
partners to expand their visibility into Web application
vulnerabilities inside of corporate networks and provide greater
integration into the software development life cycle (SDLC).
WhiteHat Satellite is an easy-to-install appliance that provides
access and visibility to further assess and evaluate Web
applications residing behind the firewall. This provides an
additional level of assessment for customers during the QA process,
adding a comprehensive security evaluation as part of the SDLC
prior to deployment.
The WhiteHat Web Services API gives customers and partners a
choice in managing WhiteHat Sentinel vulnerability data. Now,
customers can easily integrate WhiteHat data into any existing
Security Information Management (SIM) systems or other internal
portals. Partners, including resellers, MSPs and MSSPs, who may
offer a variety of managed services, can include the results of
WhiteHat Sentinel vulnerability assessments in their custom
customer interfaces.
WhiteHat Satellite is available for $1,200 for an unlimited
number of applications. Current WhiteHat Sentinel customers can
access the WhiteHat Sentinel Web API free of charge. Contact the
WhiteHat sales office at (408) 492-1817 for more information.
------------------------------------------------------------------
Aladdin announces .NET support for HASP application security
suite
Aladdin Knowledge Systems, a security and identity management
firm, has extended its Aladdin HASP suite to support the .NET
Framework 2.0. With Aladdin HASP, applications are wrapped in a
so-called "protective envelope" that does not affect their
underlying source code. Techniques deployed inside this security
layer include encryption of software files, anti-debugging schemes
and randomly assembled protection layers.
Aladdin HASP consists of three products -- HASP HL for
single-user licensing, HASP HL Net for multi-user network
environments and HASP TT, a tool for creating trialware, which lets
customers and clients try out an enterprise's products while
protecting the product's intellectual property.
Company site: www.aladdin.com
HASP HL demo: www.aladdin.com/Flash/HASP/Demo/default.asp
HASP TT trial download: www.aladdin.com/forms/hasp-tt-evaluation/form.asp
------------------------------------------------------------------
Gnucitizen releases JavaScript security tool
AttackAPI (0.7) provides a simple and intuitive Web programmable
interface for composing attack vectors with JavaScript and other
client/server-related technologies. The current release supports
several browser-based attacking techniques and a simple but
powerful JavaScript console.
Components include the following:
- Client Enumeration
- Server Enumeration
- AuthorizationForcer
- ExtensionScanner
- HistoryDumper
- NetworkSweeper
- PortScanner
- Utils
- JavaScriptShell
- UsernameScanner
- URLScanner
- Base64Encoder
- RequestBuilder
According to the creator, "Now it can compose requests, fetch
text and binary files, scan for usernames and scan URLs. This
pretty much proves that JavaScript can be used for quite a lot of
malicious stuff without breaking the rules."
For more information and to download the tools, visit
gnucitizen.org.
------------------------------------------------------------------
.NET testing tool released
Thor 0.99, a .NET 2.0 application designed for manual Web
application testing, has been released. It is built around the IE
control but also supports raw mode. It allows you to intercept,
modify (cookies, post body), save and replay Web requests without
the need for a Web proxy.
New features in this release include raw mode (with SSL support)
and XML encryption of test files.
For more information, download the manual. To get a copy of the
tool, you may download it here:
http://myweb.tiscali.co.uk/pak76tools/Thor/Thor099.zip