Compuware unveils DevPartner SecurityChecker as security incidents continue to rise

Powerful software tool finds and resolves security vulnerabilities during development of ASP.NET applications - before hackers can get close to them

Compuware has announced the availability of Compuware DevPartner SecurityChecker1.0, a powerful security analysis tool that enables developers to quickly scan, find and fix security vulnerabilities early in the development cycle of their ASP.NET applications written in either C# or Visual Basic .NET.

According to the CERT Co-ordination Centre (CERT/CC)*, which specialises in Internet security, security incidents and vulnerabilities are rising exponentially and, in spite of massive IT investment, more attacks are succeeding than ever before. Web attacks are getting easier, more powerful and causing more damage, and hacking tools - which are even available free on the Internet - are getting more sophisticated and require less expertise.

Through a combination of runtime, compile-time and integrity analysis, Compuware DevPartner SecurityChecker automates the process required to detect security vulnerabilities, enabling developers to pinpoint their exact location down to the line of source code.

"With attacks on internet applications increasing in scope and size, IT organisations are spending larger percentages of their budgets on security tools and solutions," said Rick Chau, Managing Director, Greater China for Compuware Asia. "Yet in spite of a wide range of technologies available, such as firewalls, anti-virus software and intrusion detection systems, the number of successful attacks continues to grow.

"Many security solutions focus on detecting or preventing attacks on networks or the systems that run across them, yet the vast majority of attacks come at the application layer not the network or system layer.

"A vulnerability found in production is expensive to resolve. If a security issue forces an organisation to remove the application from production to fix it, they've already lost the battle along with time and money. That's why DevPartner SecurityChecker is such a powerful tool. It finds and resolves vulnerabilities during development - before a hacker ever comes close to them.

"Unfortunately, many of today's software developers know little about application security and, as a result, they build applications to meet functional requirements rather than to prevent them from being broken."

DevPartner SecurityChecker automatically locates security vulnerabilities, which are then categorised and ranked by severity for easy prioritisation and repair by the developer. The product provides a description, contextual information and a suggested repair for each vulnerability detected.

As soon as the error is understood, the developer can double click on a security vulnerability, which will drill down to the actual method or line of source code. The developer can then fix the error, re-build the application using Visual Studio .NET and then re-analyse the ASP.NET application using DevPartner SecurityChecker to validate that the vulnerability has been fixed.

According to McAfee's recently published Virtual Criminology Report**, which revealed a disturbing trend in the hierarchy of cyber criminals that is evolving from the amateur cyber delinquent to the professional cyber gang, information theft is the most damaging category of Internet crime.

Leading research and analyst firm Gartner, also recently warned of a clear transition from security breaches by "bored teenagers" to attacks by "professional cyber criminals", that target government, the private sector and consumers.

Gartner also stated that the deployment of new and emerging security technologies in Asia Pacific still tends to lag behind North America. In addition, security breaches are not always reported in this region, in most cases, organisations tend not to disclose incidents unless there is a regulation or requirement to inform either authorities, media or CERT groups.

"Regulatory compliance driven by local, state, country, as well as those of trade or business neighbours and partners will affect IT and security in most Asia Pacific organisations," said Dion Wiggins, Gartner's research director and vice president. "This trend will continue to increase security demands on organisations in the near term. With international, especially US, companies increasingly looking to outsource and invest in Asia Pacific, it is also important that organisations in this region understand security concerns and adopt relevant technologies."

Compuware provides a full portfolio of products and services to reduce the complexity involved in developing, deploying and managing enterprise applications that deliver maximum business value. DevPartner SecurityChecker significantly extends Compuware's DevPartner product portfolio, which delivers a broad and deep view into application quality issues, enabling project teams to establish best practices for building quality software across the application development life-cycle.

Compuware Corporation

Compuware Corporation (Nasdaq: CPWR) maximises the value IT brings to the business by helping CIOs more effectively manage the business of IT. Compuware solutions accelerate the development, improve the quality and enhance the performance of critical business systems while enabling CIOs to align and govern the entire IT portfolio, increasing efficiency, cost control and employee productivity throughout the IT organisation. Founded in 1973, Compuware serves the world's leading IT organisations, including more than 90 percent of the Fortune 100 companies. For more information about Compuware, please visit Compuware at http://www.compuware.com/