Product Reviews

Quick Look: AppScan

Keep security in mind during the development process.

There were quite a few products that work within the VS .NET shell announced at the VSLive! Conference in February. One of these, AppScan DE, offers support for developers concerned with security in ASP.NET applications. I had a chance to see a pre-release build in action and chat a bit with the Sanctum folks about what the product can do and where it's heading.

The idea of AppScan DE is to help the average developer become more security-conscious, and to help them fix potential security holes before they're exposed. While some people can keep up with all the different ways that their Internet applications can be compromised, from SQL injection attacks to cross-site scripting, these are dark arts to many other developers. AppScan DE has built-in knowledge of hundreds of attacks, and can scan your code to find vulnerabilities.

To use AppScan DE, you create a new AppScan Project in your ASP.NET solution. Then it goes off and analyzes the code, testing it for vulnerabilities. If any are found, you get a list of what's wrong, together with jumps to the affected code, explanations of the problem, and extensive remediation suggestions. Tests are kept in the project tree, so at any point you can go back and see where things were historically. There's also the ability to record and play back business processes, so you can focus on particular parts of your application. One nice touch is an automatic interface to form fields, so that it can fill in plausible data as it rolls through your application. Of course, you can customize the plausible data to your own needs, so even supplying a legitimate test user and password is quite easy.

All in all, this looks like a good alternative to having a security expert do constant code reviews (though I'd still want to get the expert involved somewhere along the line), and will help push security knowledge out into the wider developer community. Sanctum is also planning to release an auditing/QA tool at mid year that will extend some of this intelligence to auditing Web Services.

AppScan DE will be generally available March 17, with a $1,499 retail price and a roughly $1,000 per seat promotional price.

About the Author

Mike Gunderloy, MCSE, MCSD, MCDBA, is a former MCP columnist and the author of numerous development books.

