eEye Digital Security tomorrow will make its first foray into the Web vulnerability space -- with a new member of its Retina Security Scanner family that roots out Web application flaws.
eEye founder and former CTO and chief hacking officer Marc Maiffret first revealed eEyes plans to add Web application scanning to its portfolio in an interview with Dark Reading last August. Maiffret said at the time that adding Web app scanning was a natural progression for eEye, which sells products focused on operating system and application vulnerabilities. (See eEye to Add Web Security.)
The new Retina Web Security Scanner is a rebranded version of NT Objectivess NTOSpider Web app vulnerability scanner, and is integrated with eEyes management console, REM. eEye also plans to offer an appliance-based version of the scanner software in the near future, says Morey Haber, vice president of product management at eEye.
The vulnerability landscape is evolving -- the truth is, there arent nearly as many flaws in Vista as there were with XP, Haber says. Web applications are just a new medium that represents the next step where [attackers] can penetrate. The tool can be used with the Retina Network Security Scanner: If youre doing vulnerability assessment and management you have to look at the implications from end to end, he says.
NT Objectives, whose NTOSpider Web app vulnerability scanner attracted attention last year for beating out IBM/Watchfires AppScan and HP/SPI Dynamicss WebInspect tool in an independent test and report, also licenses its product to Veracode. The cool thing is that they [eEye] are plugging this into their backend system, giving people a neat holistic view of whats going on in their network, says JD Glaser, CEO of NT Objectives.
eEyes Haber hinted that the company also may roll the Web scanner into its Preview services offering within the next few months, for a subscription-based Web app vulnerability assessment service that could compete with WhiteHat Security. (See eEye to Enter Security Services .)
Retina Web Security Scanner officially ships tomorrow and list pricing begins at $6,995.
Kelly Jackson Higgins, Senior Editor, Dark Reading