Watchfire AppScan Extensions

Yesterday Watchfire released the new 7.5 version of their AppScan tool.  One of the cool features of this new version is the AppScan eXtensions Framework (AXF).  This allows developers to write extensions to the AppScan product using any .NET language.

Denim Group was fortunate enough to be in an early access group that got first dibs on playing with these extension capabilities. The first extension we put together is one that allows Watchfire AppScan users to automatically submit the security issues it finds to Microsoft’s Team Foundation Server as Bugs to be addressed. Why did we choose to do this?

Although it may be trite to say, it is important to remember that security comes from a combination of people, processes and technology.  Watchfire’s AppScan product is primarily focused on technology and it is good at what it does.  What the AXF allows us to do is extend their technology-focused tool to better integrate it with organizational processes.  Hopefully this plugin will help link up security groups with application development groups and foster better communication.  Communication is THE key success factor we have seen for organizations trying to improve the security of their application development efforts.

Keep watching this space – over the next week or so I will be posting information about full plugins we have written as well as providing some tutorial information about how to write your own plugins for Watchfire AppScan 7.5 using the AppScan eXtensions Framework.

–Dan
dan _at_ denimgroup.com

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.