Applications have become more distributed, with many being Web-enabled or utilizing Web services. Recognizing and executing on a need to test the security of Web-enabled applications netted SPI Dynamic's WebInspect 5.5 the Silver Award in SearchWindowsSecurity.com's Product of the Year Testing and Auditing category. Our judges lauded WebInspect for its innovative approach to tackling the often overlooked and dangerous problem of security vulnerabilities in Web applications.

Web applications often create a window into databases that can be broken open by a skilled attacker. SPI Dynamic's WebInspect approaches Web applications and Web services as any other security vulnerability. It complements traditional firewalls and intrusion detection systems by identifying vulnerabilities at the Web application level. WebInspect looks for weaknesses in the design of these applications in a production or testing environment. It uses known attack vectors like SQL injection, cross-site scripting, buffer overflows, character stripping, path manipulation and many other attacks to find vulnerabilities in Web-enabled applications.

Judges also valued WebInspect's overall ease of use. With its wizard interface, users can easily run automated Web application assessments. Another bonus is that it requires no server-side installations and it can be used remotely for Web application assessments.

Also, since it is a Web-based application tester, it moves at a speed similar to the Web applications it is testing, and WebInspect's tests can be completed in minutes, and this afforded it high marks in the performance category.

Because the Internet landscape is always changing, WebInspect continues to change as well, with version 5.5 adding more Web application attacks to its testing arsenal. Version 5.5 also improved performance and ease of use over previous versions. Another addition that should appeal to e-commerce companies is its improved policy support, including the ISO 17799 assessment policy and the Visa Payment Card Industry Data Security Policy.

Pricing: WebInspect single server perpetual licenses are available starting at $6,000; and perpetual user licenses start at $30,000. Enterprise pricing and consultant licenses are also available.

SearchWindowsSecurity.com editors