McAfee, Inc. Foundstone Services Offers Tools and Training to Help Application Developers Build Secure Software

New .NET Toolkit From Foundstone Professional Services Help Developers Throughout the Lifecycle of Software Development

SANTA CLARA, CA, March 8, 2005, McAfee, Inc. (NYSE: MFE), the pioneer and worldwide leader of intrusion prevention solutions, today announced that its leading security services group, Foundstone Professional Services, a division of McAfee, has released the S3i(TM) (Strategic Secure Software Initiative) .NET security toolkit specifically designed to help application developers and architects to build secure and reliable applications. The new toolkit, comprised of the Validator.NET, .NETMon and SecureUML template tools help developers validate, debug and analyze vulnerabilities during the design and development of web applications.

The need to build secure software has become a high priority for organizations of all sizes today, in order to ensure that hackers cannot gain access to software and applications that make up an organization’s IT infrastructure. Building secure software requires careful design and development as well as a fundamental understanding of the security mechanisms and techniques available. The new tools are key components of a developer’s security toolkit to help improve specific aspects of design and eliminate specific vulnerabilities in development.

Validator.NET enables developers to programmatically determine user input locations that could be potentially exploited by hackers and provides proactive steps to build data validation routines which are loaded into a protection module. The tool helps eliminate common vulnerabilities such as SQL Injection and Cross-Site Scripting.

“The Foundstone Validator.NET tool is an important resource for malicious input testing for ASP.NET Web applications,” said Michael Howard, senior security program manager at Microsoft Corp., and co-author of Writing Secure Code.

The .NETMon tool monitors the .NET common language runtime enabling a developer to conduct detailed analysis of how the .NET framework enforces security controls, including setting custom profiling filters and logging of specific events. The SecureUML Visio template defines a custom Unified Modeling Language (UML) dialect to help system architects build roles based access control systems (RBAC).

“Building secure applications is the next wave in the security landscape. Organizations are vastly improved in protecting their corporate networks from attack, but are still very much at risk due to software flaws,” said Mark Curphey, senior director of consulting for Foundstone Professional Services at McAfee, Inc. “McAfee’s Foundstone Professional Services is dedicated to working directly with software architects and developers to ensure that they have the necessary tools to design and build secure software. Leveraging the suite of development tools available from Foundstone Professional Services today helps organizations improve the security quality of their software and reduce their business risk.”

Validator.NET, .NETMon and SecureUML together create the S3i(TM) .NET security toolkit and are three of many tools available from the Foundstone Professional Services group to help design, develop, deploy and maintain reliable and secure software. In addition to the toolkit offerings, Foundstone Professional Services is also offering a new four-day intensive training course, entitled “Writing Secure Code ASP.NET” designed to help application developers understand the key security features of the .NET platform, the common web security pitfalls developers make and how to build secure and reliable web applications. For more information and a complete course description, please visit: www.foundstone.com/education/course_template.htm?indexid=28 . Foundstone(R) Professional Services, a division of McAfee, Inc. offers a unique combination of software, services, and education to help organizations continuously and measurably protect the most important assets from the most critical threats. Through a strategic approach to security, Foundstone identifies, recommends, and implements the right balance of technology, people, and process to manage digital risk and leverage security investments more effectively.

About McAfee
McAfee, Inc., headquartered in Santa Clara, Calif., a worldwide leader in intrusion prevention and risk management solutions, delivers proven security products and services to help customers effectively balance the competing priorities between business needs and security requirements. McAfee applies profound security expertise toward helping companies, government agencies and consumers block attacks, prevent disruptions, and continuously track and improve the security of their systems and networks. For more information, McAfee, Inc. can be reached at 972-963-8000 or www.mcafee.com.

NOTE: McAfee and Foundstone are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the United States and other countries. The color red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks in this document are the sole property of their respective owners.

Contact Information

General PR

Media and Industry Analysts

McAfee, Inc.

Contact via E-mail