eEye to Add Web Security

AUGUST 1, 2007 | eEye Digital Security plans to add Web application security scanning to its new all-in-one vulnerability assessment appliance -- the company's first foray into the Web vulnerability space.

Marc Maiffret, CTO and chief hacking officer at eEye, said in an interview today that Web app security would be added to the REM Security Management 1505 Appliance "soon." "It's a natural progression for us to add Web app scanning," says Maiffret, who wouldn't divulge details of the new features.

Web app vulnerabilities top the charts in the Common Vulnerabilities and Exposures (CVE), with cross-site scripting and SQL injection as the top two of the most prevalent bugs reported. Security experts say nearly all Websites carry some XSS vulnerabilities, for example (See .)

"You can scan for missing patches and vulnerabilities, but you also need to know there's a SQL injection [flaw] as well," Maiffret says.

The new eEye appliance, which ships this month, was the company's first hardware-based offering. The company also recently launched a security intelligence service called Preview, which includes a portal-based service, and more customized services that give customers a heads up on undisclosed vulnerabilities and threats. (See .)

www.darkreading.com/