Yesterday Watchfire released the new 7.5 version of their AppScan tool. One of the cool features of this new version is the AppScan eXtensions Framework (AXF). This allows developers to write extensions to the AppScan product using any .NET language.
Denim Group was fortunate enough to be in an early access group that got first dibs on playing with these extension capabilities. The first extension we put together is one that allows Watchfire AppScan users to automatically submit the security issues it finds to Microsoft’s Team Foundation Server as Bugs to be addressed. Why did we choose to do this?
Although it may be trite to say, it is important to remember that security comes from a combination of people, processes and technology. Watchfire’s AppScan product is primarily focused on technology and it is good at what it does. What the AXF allows us to do is extend their technology-focused tool to better integrate it with organizational processes. Hopefully this plugin will help link up security groups with application development groups and foster better communication. Communication is THE key success factor we have seen for organizations trying to improve the security of their application development efforts.
Keep watching this space – over the next week or so I will be posting information about full plugins we have written as well as providing some tutorial information about how to write your own plugins for Watchfire AppScan 7.5 using the Application eXtension Framework.
dan _at_ denimgroup.com