Java Source Code Analysis Tool Improves Web Application Security

SPI Dynamics, Leader in Web Application Security Testing and Secure Source Code Development Solutions, Announces Only Web Application Security Product for Java Developers with Cooperative Source Code and Black Box Testing
SPI Dynamics Announces DevInspect® 3.0 with Hybrid Analysis™ - The First and Only Web Application Security Software for Java Developers that Combines Source Code Analysis and Black Box Testing Technology to Deliver the Most Accurate Results

ATLANTA – November 6, 2006 –S.P.I. Dynamics, Inc. the leading provider of Web application security testing software and services, announced today full support for Java developers and J2EE Web applications in DevInspect 3.0, the new version of its unique developer application security solution. DevInspect is the first and only developer security product available for the Java market with Hybrid Analysis technology – the powerful combination of source code analysis plus black box security testing – for the most accurate approach to securing Java applications. DevInspect 3.0 integrates directly into the most popular Java development environments, including Eclipse and IBM Rational Application Developer, enabling developers to secure their applications quickly and easily from their familiar work environment.

“Hybrid Analysis is the most accurate and efficient technique for writing secure source code. And developing source code securely during the construction phase of the Software Development Lifecycle is essential to a cost effective strategy for application security. We are delighted to be able to offer a secure coding framework for Java developers in the latest version of our DevInspect product,” said Brian Cohen, president and CEO, SPI Dynamics. “DevInspect for Java’s Hybrid Analysis combines data from source code analysis and black box testing in a cooperative process that increases accuracy over any other approach, a unique capability based upon DevInspect’s architecture. The results are fundamentally different compared to the simple combination of data from separate source code analysis and black box testing tools within a single report, which only provides data points for manual validation, not better accuracy.”

DevInspect for Java is available as a standalone tool or as a plug-in to the most popular Java integrated development environments, including the Eclipse platform and IBM Rational Application Developer (RAD) versions 6 and 7. DevInspect for Java also integrates with IBM Rational ClearQuest for the development team to be able to manage security defects in source code.

“The best way to ensure secure applications is to incorporate security practices during development before applications are deployed to production. S ignificant cost reductions and dramatic increases in security will be realized when scanners are embedded directly into SDLC platforms, thus allowing security defect detection in the earlier stages of the lifecycle.” said Joseph Feiman, Research Vice President, Gartner Inc. “Even though today there are two markets — one for Web application security scanning and one for source code scanning — each with their own set of vendors, we believe that, longer term, organizations want a single solution that provides both.”

SPI Dynamics ’ unique Hybrid Analysis technology includes a two-phased approach to pinpoint security vulnerabilities with unmatched accuracy and to dramatically reduce false positives. The source code analysis phase defines the application attack surface, identifying all application inputs and finding common security coding errors and all potential vulnerabilities. The black box testing phase uses the intelligence and data from the source code analysis to discover and verify exploitable security defects using automated attack techniques against running applications. This black box testing phase dramatically reduces false positives to yield the subset of exploitable security vulnerabilities in the application found during source code analysis, rather than a theoretical list of all potential problems that require manual review and validation. DevInspect enables developers with little or no security expertise to automatically fix vulnerabilities during development and build secure Web applications.

DevInspect for Java’s distinctive source code and black box analysis approach to secure application development delivers industry best practices and facilitates security assurance collaboration between security professionals, developers and quality assurance teams. Secure development addresses the key challenge today with Web application security - the siloed approach to security that is prevalent in most organizations.

Availability
SPI Dynamics’ DevInspect 3.0 for Java with Hybrid Analysis will be available December 1st. For more information, please visit www.spidynamics.com, or contact SPI Dynamics at (866) 774-2700; info@spidynamics.com.

About S.P.I. Dynamics Incorporated
Start Secure. Stay Secure.®
Security Assurance Throughout the Application Lifecycle

SPI Dynamics delivers a comprehensive suite of products and services that help to identify and remediate Web services and Web application security vulnerabilities found at key stages throughout the Web Application Lifecycle. SPI Dynamics solutions enable security professionals, QA testers, and developers to work together to assess, analyze, and remediate Web applications and Web services for security vulnerabilities, and verify compliance with over 20 security policies like SOX, HIPAA and PCI. The Company’s unique approach utilizing patent-pending Intelligent Engines™ technology combined with the largest Web application security vulnerability knowledgebase in the industry delivers unparalleled speed and accuracy. SPI Dynamics’ research and development team, SPI Labs, is widely recognized as one of the world’s leading authorities on Web application security and risk management. The Company has over 850 customers among Global 2000 enterprises, including over 90 U.S. Federal accounts, and has strategic partnerships with Microsoft, IBM, Mercury, CSC and Visa with Visa investing in the Company in 2005. SPI Dynamics is privately held with headquarters in Atlanta, Georgia. For more information on Web application security, visit www.spidynamics.com or call (866) 774-2700.

DevInspect and Start Secure. Stay Secure. are registered trademarks, and Hybrid Analysis and Intelligent Engines are trademarks of S.P.I. Dynamics, Inc. Product or service names mentioned herein are the trademarks of their respective owners.

Contact Information

Ashley Vandiver

SPI Dynamics, Inc.

Contact via E-mail