.Net Source Code Vulnerability Scanner
MEDIA RELEASE – 23 July 2009
CodeScan Labs Releases .Net Source Code Vulnerability Scanner
New Zealand Security Company Targets Hundreds of Millions of Websites Globally
AUCKLAND, 22 July 09 – CodeScan Labs (CodeScan Limited) has released CodeScan version 1.8.3 for .Net (Automated On-Demand Web Source Code Analysis) for global sales. CodeScan Labs is a provider of on-demand security audits of Web Application Source Code. (www.codescan.com)
The first .Net version was released in April 2009, and since then CodeScan Labs has continued to identify further vulnerabilities and to make improvements that increase the product’s coverage. This version includes identification of SQL Injection and Cross Site Scripting (XSS), two very commonly exploited web application vulnerabilities.
CodeScan Labs’ Founder Peter Benson says, “We are committed to affordable security. We have deliberately entered the market as an affordable security tool, easily accessible for everyone that works with web source code and web applications.” The pricing of the product makes improved security possible for organisations that could not afford enterprise class security products.
Benson’s view is that security issues affect the whole online world and not just the large corporates that have the budgets for high end security products. The new .Net product means that CodeScan Labs now covers hundreds of millions of global websites in its product suite, with the product supporting the internet languages ASP Classic, PHP, ASP.Net, and C#.Net. Globally, .Net covers approximately 50% of the web applications produced online today. A significant portion of these websites are potentially exposed to a wide range of attacks.
For small to medium businesses, IT is generally not a core function and may be outsourced. As most web development focuses on usability, function and features, security is frequently not built into the applications. In addition, many business owners would not know what to ask about security, and management tends to rely on the individual developer's security skills.
CodeScan Labs allows businesses to build security into applications as they are developed by identifying over 300 vulnerabilities across the covered languages. Few developers are specialists in security, and it is unreasonable to expect a developer to have all this knowledge and stay abreast of a continuously changing landscape. The CodeScan product suite both validates code and provides a knowledge base for individual developers to improve their security skills. It also provides an easy third party review of code, demonstrating that the developer community and business are showing reasonable care.
A CodeScan Labs client with a significant online retail presence recently undertook a 3-day manual audit of one of their website applications and identified a number of vulnerabilities. They then used CodeScan Labs' automated software to test the same code; the scan completed in one and a half hours and found 11% more vulnerabilities. According to Benson, the reason the CodeScan Developer product is able to undertake a more complete review is that it is automated, consistent and comprehensive. Manual checking of code is time consuming and prone to errors, simply because it is manual and based on the individual knowledge base of the person checking.
Benson also says: “This is a significant milestone for our company, and a significant breakthrough technology for the on-line world. Providing such an affordable security product, especially given the risks that CodeScan Developer finds and addresses, means that we are providing a true enabling technology to make the Internet that much safer.”
CodeScan Labs is planning to release Java as the next language in the next year.
About CodeScan Labs
CodeScan Labs is a leading information security research and development company based in New Zealand. CodeScan Labs focuses on security vulnerability research and specifically security vulnerabilities that can be identified at a source code level.
The solutions of CodeScan Labs are focussed around the CodeScan Developer products, with CodeScan Developer .ASP, PHP and now .Net, released April 2009. Other web application software languages and Enterprise class functionality are currently undergoing development.
CodeScan Labs enables companies to audit their web applications for security weaknesses by focussing on testing at the source code level. This has huge advantages over traditional penetration or web application testing, by testing security at the source.
ends