Vendors Team To Lock Down ApplicationsVendors Team To Lock Down Applications

Two security vendors, Web-security application-gateway maker NetContinuum Inc. and application-security assessment vendor SPI Dynamics Inc., have integrated their applications to better defend against Web-based attacks, which many analysts say comprise about 80% of all hacker attacks today.

Using an expanded XML schema, largely based on the proposed Application Vulnerability Description Language standard, information about potential software vulnerabilities gleaned from SPI's application-vulnerability scans can be sent to NetContinuum's NC-1000 Web-security gateway. When potential vulnerabilities are discovered, the NC-1000 Web-application firewall can interpret the results, and a security policy is automatically recommended for the target app. The configuration changes can be applied to the NC-1000 firewall to improve security.

"This is a direct link between vulnerability scanning and active firewall management," says Pete Lindstrom, a research director at Spire Security. "This is a good start and paves the way for more vulnerability scanners and firewalls to quickly exchange information to security systems."