SPI Dynamics takes aim at Web vulnerabilities

SPI Dynamics has released two products that automatically protect Web applications that use Asynchronous JavaScript and Extensible Markup Language (AJAX), a popular new technology found in Google Maps and other applications.

AJAX enables users to run Java in their client browsers, removing the need to reload Web pages when new information is requested, said Caleb Sima, the company’s founder and chief technology officer. That capability adds new attack vectors by exposing parts of back-end applications that were not vulnerable before, he said.

“AJAX represents the future of Web application technology,” said Erik Peterson, vice president of product management. “SPI Dynamics believes that by the end of 2006, 30 percent of all Web applications will be AJAX-based.”

SPI’s WebInspect Version 5.8 crawls Web applications similar to the way network scanners for servers work, Sima said. It looks for holes in Web applications and creates security checks based on its penetration testing and the company’s daily updates.

The company’s Assessment Management Platform Version 2.0 enables WebInspect users to scale the program enterprisewide. It enforces security policies, automates application assessment and acts as a command and control center for application security, Sima said.

The programs’ scalability and control appeal to federal government customers, he said. SPI Dynamics has several government customers, he added.

Featured

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

  • Budget
    Stock photo ID: 134176955 By Richard Cavalleri

    House passes stopgap spending bill

    The current appropriations bills are set to expire on Oct. 1; the bill now goes to the Senate where it is expected to pass.

Stay Connected