SPI Dynamics takes aim at Web vulnerabilities

Two products protect Web applications that use Asynchronous JavaScript and Extensible Markup Language.

SPI Dynamics has released two products that automatically protect Web applications that use Asynchronous JavaScript and Extensible Markup Language (AJAX), a popular new technology found in Google Maps and other applications.

AJAX enables users to run Java in their client browsers, removing the need to reload Web pages when new information is requested, said Caleb Sima, the company’s founder and chief technology officer. That capability adds new attack vectors by exposing parts of back-end applications that were not vulnerable before, he said.

“AJAX represents the future of Web application technology,” said Erik Peterson, vice president of product management. “SPI Dynamics believes that by the end of 2006, 30 percent of all Web applications will be AJAX-based.”

SPI’s WebInspect Version 5.8 crawls Web applications in much the same way that network scanners for servers work, Sima said. It looks for holes in Web applications and creates security checks based on its penetration testing and the company’s daily updates.

The company’s Assessment Management Platform Version 2.0 enables WebInspect users to scale the program enterprisewide. It enforces security policies, automates application assessment and acts as a command and control center for application security, Sima said.

The programs’ scalability and control appeal to federal government customers, he said. SPI Dynamics has several government customers, he added.