SPI Dynamics takes aim at Web vulnerabilities

SPI Dynamics has released two products that automatically protect Web applications that use Asynchronous JavaScript and Extensible Markup Language (AJAX), a popular new technology found in Google Maps and other applications.

AJAX enables users to run Java in their client browsers, removing the need to reload Web pages when new information is requested, said Caleb Sima, the company’s founder and chief technology officer. That capability adds new attack vectors by exposing parts of back-end applications that were not vulnerable before, he said.

“AJAX represents the future of Web application technology,” said Erik Peterson, vice president of product management. “SPI Dynamics believes that by the end of 2006, 30 percent of all Web applications will be AJAX-based.”

SPI’s WebInspect Version 5.8 crawls Web applications similar to the way network scanners for servers work, Sima said. It looks for holes in Web applications and creates security checks based on its penetration testing and the company’s daily updates.

The company’s Assessment Management Platform Version 2.0 enables WebInspect users to scale the program enterprisewide. It enforces security policies, automates application assessment and acts as a command and control center for application security, Sima said.

The programs’ scalability and control appeal to federal government customers, he said. SPI Dynamics has several government customers, he added.

Featured

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.