Security experts agree as more and more organizations develop Web and Web 2.0 applications, vulnerabilities and exploits will increase exponentially. The provider of Unified Vulnerability Management solutions for large enterprise deployments and small to medium businesses, today announces the availability of the latest version of Rapid7 NeXpose.
NeXpose 4.6 enhances Rapid7's industry leading web application scanning and network vulnerability assessment solution and allows organization to scan entire networks and take full advantage of their Web applications. In 2006, Rapid7 developed Browser Emulation Scanning Technology for scanning Web and Web 2.0 applications for vulnerabilities in JavaScript code. With BEST, Rapid7 takes NeXpose's robust, automatic Web spidering and analysis capabilities to the next level, and is the first to provide a vulnerability scanning solution that analyzes JavaScript, Ajax and Flash applications in testing, quality assurance, deployment and ongoing management.
To mitigate the risk, many businesses turn to Web Application scanners. However, Web application scanners struggle to recognize and uncover vulnerabilities in new functionality such as JavaScript, AJAX, Flash Flex, ActionScript, ASP.NET 2.0 (Atlas) and .NET 3.0. Rapid7 developed BEST in response to the increased use of Asynchronous JavaScript and XML for dynamic Web programming, which makes Web sites and applications vulnerable to Document Object Model or DOM-based cross-site scripting and other risks.
According to Gartner in Web 2.0 Needs Security by John Pescatore, "The dynamic and distributed nature of Web 2.0 applications means that some new approaches will be required to maintain the necessary level of business strength security. Vulnerability assessment techniques will need to be extended to deal with client-side executables and service-oriented architectures."
DOM-based XSS allows an attacker to trick a Web application into emitting malicious JavaScript or HTML code that appears to come from the application when it runs in the browser of an unsuspecting user. NeXpose provides reporting capabilities that ensure compliance with governmental regulations and corporate security configuration policies.
"With version 4.6, NeXpose allows organizations to leverage their investment in Web applications and secure their entire network," states Alan Matthews, president of Rapid7 LLC. "Web applications, including Web 2.0, consist of many moving parts such as databases, operating systems and third-party applications. At Rapid7, we understand that customers require a solution like NeXpose that provides optimal web scanning and is completely integrated with network vulnerability management".
NeXpose 4.6 features: - Web-Spidering Technology NeXpose 4.6 increases scalability and performance
- Browser Emulation Scanning Technology (BEST) Client-side scanning of Web applications for vulnerabilities in JavaScript, AJAX, Flash, Flex, ActionScript, ASP.NET 2.0 (Atlas) and .NET 3.0.
- Content Scanning Customers can scan applications for specific content such as credit card and social security numbers
- Web Application Pass-Through Scanning Unlike other scanners that stop when they find a vulnerability, NeXpose passes through the initial vulnerability to scan for deeper vulnerabilities
- Batched Scanning Reduces scan times and allows customers to target specific and mission critical addresses
.gif&max=85)
A leading provider of enterprise software and services for global manufacturers, QAD, Inc announced that to meet MMOG/LE requirements, Wagon Automotive, Inc has deployed QAD Enterprise Applications. a subsidiary of Wagon PLC, Wagon Automotive, Inc., manufactures structural components and assemblies using a continuous metal forming method using a series of engineered rolls, CALLED roll forming technology.
.gif&max=85)
