IBM on Fire

Five months after being acquired by
IBM, Watchfire is out with its latest release of its security scanning
product AppScan.

With the release, Watchfire will try to prove that it can integrate with IBM’s Rational product line and that it can also still continue to stand on its own.

“Application security needs to be part of the software process and that was
the impetus for IBM buying us,” Mike Weider, CTO of Watchfire, told
InternetNews.com. “Part of our vision is to create an end to end
solution for application security from the early days of development to full
deployment and monitoring.”

While integration with IBM Rational development product portfolio is
ongoing, Weider noted that it’s also important that Watchfire continues to
service standalone customers that aren’t using IBM’s other tools.

That’s what the AppScan 7.7 release is all about. The new AppScan includes a more
robust scanning engine that can identify more vulnerabilities, no matter
where they sit in the business applications process.

Weider explained that the state inducer technology in AppScan 7.7 is
designed to make sure AppScan properly scans a business process in the right
order. For example, you can’t test checkout in an e-commerce application
until you’ve got something in the cart.

Weider admitted that in the past
that had been a challenge for AppScan, but now the software will now scan
applications in the right order. The AppScan 7.7 release also takes aim at a particularly dangerous type of vulnerability that often has been misunderstood.

“There is a new vulnerability that we’ve been tracking called cross site
request forgery. It’s a close cousin of XSS, which is the number one
vulnerability on the Internet,” Weider said. “Cross Site Request Forgery is
really about tricking a user to make requests to a third party without
realizing they’re doing it.”

For example, Weider explained that a user could browse to a website with a
malicious payload. That payload would make a request in the background that
wasn’t authorized. It sounds a bit like Cross Site Scripting, but is its own
unique vulnerability that hasn’t properly been identified in the past.

“The confusion about it is that all sites that all sites that are vulnerable
to cross site scripting will also be vulnerable to Cross Site Request
Forgery, but the reverse isn’t true,” Weider noted.

“Even though you may not be at risk for XSS, you could be at risk for forgery. In the past we’ve had robust tests for cross site scripting and in that regard we’d
catch forgery vulnerabilities. But we would not have caught forgery where
there is no cross site scripting vulnerability and that’s the new capability
we’ve added.”

With the AppScan 7.7 release, there is actually one item that is being
removed from the product – namely the Watchfire name itself.

“The AppScan brand will remain as the product name but the Watchfire name is
being slowly transitioned out,” Weider admitted. “We’re being integrated
into the IBM Rational software brand.”

This article was first published on InternetNews.com. To read the full article, click here.

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020