Sanctum Adds Audit-Automation Tools To Security Software

Sanctum introduces enhanced version of AppScan software, which automates the auditing of Web applications for holes that hackers could use to break into systems.

InformationWeek Staff, Contributor

September 21, 2001

The conventional wisdom in the security industry that 80% of all attacks on company networks and computers stem from malevolent insiders no longer holds. The growing use of Internet applications--accessed by a remote user via a Web browser--has changed the nature of security attacks, and outsiders are now considered the greatest threat.

Many companies suspect computer hackers or terrorists--and even customers--of attempting to breach their systems, according to InformationWeek Research's 2001 Global Information Security Survey, fielded by PricewaterhouseCoopers. According to the survey, 14% of companies suspect their customers, up from 5% last year. Meanwhile, a separate survey conducted by the Computer Security Institute and the FBI indicates that 72% of businesses cite Internet connections as a frequent point of attack, while only 31% cite internal systems. Once they do gain entry to corporate IT systems, malicious attackers have the access and ability to cause a wide range of problems, such as defacing Web sites, altering product pricing, and accessing confidential data.

Sanctum Inc., which sells software designed to make Web applications more secure, has introduced an enhanced version of its AppScan software, which helps automate the auditing of Web applications for software holes that hackers could use to break into systems. The automated process lets IT managers check Web applications for security weaknesses five times faster than doing it manually, the company says.

AppScan 2.5 is designed to find both known and previously undiscovered vulnerabilities, and it suggests ways that problems can be corrected with patches or other workaround techniques. Sanctum has added better security-audit automation tools, including automated field-form fillers, which let users enter test data once for all related fields.

Despite the increase in known vulnerabilities, Hurwitz Group security analyst Pete Lindstrom says Web-application security has been largely overlooked until recently. "This is growing into a hot space in security," Lindstrom says. "Sanctum is a leader in this space, and AppScan is a way companies can boost defenses for Web-application security."

AppScan 2.5 is available now, and pricing starts at $15,000.
