News Analysis

Product roundup: New tools for protecting Web, .NET applications

SearchAppSecurity.com Staff

The past few weeks saw the release of new products to protect applications. Here's a look at some of those products.


New WhiteHat offerings enhance Web app vulnerability assessment

WhiteHat Security Inc. has announced enhanced offerings of WhiteHat Sentinel, its continuous vulnerability assessment and management service for Web sites. The two new additions, WhiteHat Satellite and the WhiteHat Web Services API, enable customers and partners to expand their visibility into Web application vulnerabilities inside of corporate networks and provide greater integration into the software development life cycle (SDLC).

WhiteHat Satellite is an easy-to-install appliance that provides access and visibility to further assess and evaluate Web applications residing behind the firewall. This provides an additional level of assessment for customers during the QA process, adding a comprehensive security evaluation as part of the SDLC prior to deployment.

The WhiteHat Web Services API gives customers and partners a choice in managing WhiteHat Sentinel vulnerability data. Now, customers can easily integrate WhiteHat data into any existing Security Information Management (SIM) systems or other internal portals. Partners, including resellers, MSPs and MSSPs, who may offer a variety of managed services, can include the results of WhiteHat Sentinel vulnerability assessments in their custom customer interfaces.

WhiteHat Satellite is available for $1,200 for an unlimited number of applications. Current WhiteHat Sentinel customers can access the WhiteHat Sentinel Web API free of charge. Contact the WhiteHat sales office at (408) 492-1817 for more information.

------------------------------------------------------------------

Aladdin announces .NET support for HASP application security suite

Aladdin Knowledge Systems, a security and identity management firm, has extended its Aladdin HASP suite to support the .NET Framework 2.0. With Aladdin HASP, applications are wrapped in a so-called "protective envelope" that does not affect their underlying source code. Techniques deployed inside this security layer include encryption of software files, anti-debugging schemes and randomly assembled protection layers.

Aladdin HASP consists of three products -- HASP HL for single-user licensing, HASP HL Net for multi-user network environments and HASP TT, a tool for creating trialware, which lets customers and clients try out an enterprise's products while protecting the product's intellectual property.

Company site: www.aladdin.com
HASP HL demo: www.aladdin.com/Flash/HASP/Demo/default.asp
HASP TT trial download: www.aladdin.com/forms/hasp-tt-evaluation/form.asp

------------------------------------------------------------------

Gnucitizen releases JavaScript security tool

AttackAPI (0.7) provides simple and intuitive Web programmable interface for composing attack vectors with JavaScript and other client/server-related technologies. The current release supports several browser-based attacking techniques and a simple but powerful JavaScript console.

Components include the following:

  • Client Enumeration
  • Server Enumeration
  • AuthorizationForcer
  • ExtensionScanner
  • HistoryDumper
  • NetworkSweeper
  • PortScanner
  • Utils
  • JavaScriptShell
  • UsernameScanner
  • URLScanner
  • Base64Encoder
  • RequestBuilder

According to the creator, "Now it can compose requests, fetch text and binary files, scan for usernames and scan URLs. This pretty much proves that JavaScript can be used for quite a lot malicious stuff without breaking the rules."

For more information and to download the tools, visit gnucitizen.org.

------------------------------------------------------------------

.NET testing tool released

Thor 0.99, a .Net 2.0 application design for manual Web application testing, has been released. It is built around IE control but also supports raw mode. It allows you to intercept, modify (cookies, post body), save and reply Web requests without a need for a Web proxy.

New features in this release include raw mode (with SSL support) and XML encryption of test files.

For more information, download the manual. To get a copy of the tool, you may download it here -- http://myweb.tiscali.co.uk/pak76tools/Thor/Thor099.zip.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy