Breaking News - Security:

Kenai Announces Web Services Inspection Tool

Kenai Systems Inc announced the immediate availability of a free beta version of eXamine 1.0, a Web Services inspection tool that enables developers to import WSDL files and to test with them for Web Services security vulnerabilities as defined in the WSDL document. eXamine 1.0 will be available as a free download until Dec. 15 at www.kenaisystems.com.

"The eXamine 1.0 product released today is the first member of a Kenai software product family that will provide a complete solution for Web Services Vulnerability Assessment and Management, addressing both design-based and attack-centric vulnerabilities," said Bill Kesselring, chief executive officer of Kenai Systems. "Web services developers need a tool that will enable them to identify, mitigate and test against the security vulnerabilities discovered in production environments. Kenai's complete solution will address security needs in the complete Web services life-cycle, including development, testing, and production. Enterprises will benefit increased security and more effective development and deployment processes."

Web Services: Vulnerable To Attack

Sixty-one percent of surveyed CIOs have said that security is their top Web Services concern. Web Services are vulnerable both to malicious attack and to failure in their ordinary course of operation as a result of design defects. Moreover, a majority of these vulnerabilities are "designed in," through either oversight on the part of developers, failure to consider current best practices or design gaps in the current generation of Web Services standards.

Web Services vulnerabilities may be loosely grouped into two categories. First, design-centric vulnerabilities include those related to standards non-compliance, lack of authentication enforcement, mishandling of digital signatures and failure to encrypt data. Second, attack-centric vulnerabilities include those aspects of Web Services that may be the target of probing attacks, coercive parsing or external reference attacks.

Industry analysts predict that the Vulnerability Assessment and Management security software market will grow to $2.2 billion by 2008. Gartner recommends that 50 percent of overall Web Services budgets should be spent on Web Services security.

Introducing eXamine 1.0

"Detecting Web Services vulnerabilities is a time-consuming and manual process, and few developers have all the security expertise actually required," said Jack Quinnell, chief technical officer of Kenai Systems. "eXamine 1.0 will help detect and eliminate Web Services vulnerabilities in the development phase and enable teams to build security into their Web Services."

eXamine 1.0 is the first building block of a complete best-practices Vulnerability Assessment and Management solution. Key features of eXamine 1.0 include: