AMP Security Throughout the Application Lifecycle

SPI Dynamics Assessment Management Platform™ (AMP) is the comprehensive software platform for managing, tracking and measuring Web application security risk. AMP automates the Web application assessment management process across the enterprise by providing a scalable organization-wide view of application security with centralized control.

Simplifying Application Security Management

IT professionals who are responsible for developing, testing, or monitoring Web applications and Web services are constantly balancing limited resources against ever-increasing security assessment needs. As more people across the organization assess more applications for security defects, the process becomes exponentially more complicated. As you integrate security scanning throughout the enterprise, it is critical to be able to control which Web sites are scanned, when they can be scanned and who can scan them. Without these controls in place, conducting security scanning across your organization can be a risky proposition. An automated solution enables you to manage the growing assessment process and gather results in a central location.

AMP simplifies application security risk management by providing a complete solution for managing, tracking and measuring Web application security threats and the resultant risk. Security professionals, developers and quality assurance professionals use AMP to analyze Web applications for security vulnerabilities and track results. AMP enables departments to share information and collaborate to remove security vulnerabilities early in the software development lifecycle while providing the metrics senior executives need to monitor and track progress.

A Lifecycle Approach

SPI Dynamics delivers a comprehensive solution which includes products and services that identify and remediate security vulnerabilities throughout the Web application lifecycle.
Our solution fosters collaboration among developers, QA testers and security professionals. This approach significantly reduces the risk and expense typically associated with discovering vulnerabilities in production. By identifying vulnerabilities before applications are released to production and ensuring that no new vulnerabilities are introduced throughout the life of the application, trustworthy software becomes a reality.

Start Secure. Stay Secure.™

[Figure: Security Assurance Throughout the Application Lifecycle]

How AMP Helps You

AMP is the only product available today that gives you the ability to manage the application assessment process across the enterprise. AMP enables you to find more application vulnerabilities throughout the application lifecycle and maintain continuous security awareness without adding more resources. By centralizing all assessment results in one database, security professionals have access to a snapshot view of the organization's state of security.

[Figure caption: AMP's site catalog view gives an enterprise snapshot of security by showing all identified sites and their most recent scan results.]

[Figure caption: AMP's sophisticated management capabilities enable granular control over user access, scan rights, reports and assessment schedules.]

Maintain Continuous Security Awareness

AMP's sophisticated management capabilities automatically keep up with your organization's numerous Web applications and security activities so that you don't have to. AMP aggregates Web application security data from across the organization to give you the current state of security readiness whenever you need it. AMP's scheduling capabilities offer you the flexibility to scan applications when it makes the most sense for your business and network.

Complete More Assessments Without More Resources

AMP's distributed scan architecture allows for simultaneous scanning of multiple applications so that you can scan more applications without more resources.
It does this by enabling you to manage user-controlled scan clients such as SPI Dynamics' WebInspect™ and QAInspect™, or control remote scan sensors to perform fully automated assessments. Advanced users can continue to use SPI Dynamics' desktop application scanners for complex custom applications while still gaining the benefits of centralized assessment management through AMP. Additionally, you can configure AMP to discover sites and scan them for vulnerabilities.

Centrally Manage Distributed Teams

AMP's sophisticated management capabilities give you granular control over user access, scan rights, reports and assessment schedules so that you can determine which sites are scanned, when they can be scanned and who can scan them. AMP extends the security team by enabling security professionals to activate and schedule managed application assessments. Security professionals can track all application security activity across the enterprise through AMP's advanced security and audit logging features. Engineers performing security assessments in the field can disconnect from AMP and then synchronize their results when they reconnect.

Find Security Vulnerabilities Throughout the Application Lifecycle

SPI Dynamics' products are designed to help your organization save time and money by catching security defects as early in the application development lifecycle as possible. AMP is the unifying platform that brings all of these products together to be the most effective end-to-end security testing solution available: DevInspect™ for developers, QAInspect for quality assurance professionals and WebInspect for security professionals. These products help you find security defects early and continuously monitor security throughout the life of the application.

Track and Manage using Sophisticated Reports

AMP centralizes all assessment results in one database, giving security professionals a snapshot view of the organization's security posture.
Additionally, AMP helps you track application security trends across all applications over time. This centralized data eliminates the need for collecting assessment results from security professionals and manually creating reports. AMP's executive dashboard includes the critical metrics you need to monitor application security across development, quality assurance and production. The dashboard presents critical issues using a weighted vulnerability scoring system. The dashboard's drill-down capability allows you to find the specific details about which Web sites are the most vulnerable. All report data can be exported in an XML format so it can be imported into other applications as needed.

Leverage Product's Extensibility

It is easy to customize AMP for your environment. AMP's Web services API provides many ways to integrate with existing systems. AMP sensors connect with the AMP Manager using a fault-tolerant network transport to ensure that scan data is not lost on even the most distributed networks.
AMP Overview

AMP's sophisticated assessment management capabilities allow you to:

Manage the Assessment Process
  Schedule automatic remote scans
  Control scan clients remotely
  Connect existing scan clients to AMP
  Upload and download scan data directly from AMP remote clients for analysis
  Control scan policies and manage settings centrally
  Limit scanning rights by user or role

Maintain Continuous Security Awareness
  Discover rogue sites automatically
  Review updated catalog of detected and scanned applications
  Perform immediate security assessments on discovered sites

Centralize Scanning Administration
  Administer roles and permissions centrally
  Control user and object permissions at a granular level
  Review detailed audit logs
  Configure role-specific templates and settings
  Implement SmartUpdate™ across the enterprise
  Generate SNMP and E-Mail Alerts

Scale the Assessment Process
  Scan multiple applications simultaneously
  Grow scan capabilities as needed
  Scale scanning process across difficult network environments easily

Leverage Product's Extensibility
  Integrate with existing applications using the Web services API
  Use XML export for data manipulation

Track and Manage using Sophisticated Reports
  Detailed trend reports
  Template-driven customizable reports
  Comprehensive custom reports for regulatory compliance
  Executive dashboard for summary view of enterprise security posture

[Figure caption: AMP's executive dashboard includes the critical metrics you need to monitor application security across the enterprise and across development, quality assurance and production. The dashboard highlights critical issues based on a weighted vulnerability scoring system.]
AMP System Requirements

AMP Server
  1 GB of RAM
  1 GB (remote database) or 150 GB of free disk space (local database)
  2 GHz processor or better
  Microsoft .NET 1.1
  An active Internet connection (for updates)
  Internet Explorer 6.0
  Windows Server 2003 Standard SP1

AMP Console
  256 MB RAM
  150 MB required (2 GB of free disk space preferred)
  1 GHz processor or better
  Microsoft .NET 1.1 SP1
  An active Internet connection (for updates)
  Internet Explorer 6.0
  Windows XP Professional SP2, Windows Server 2003 Standard SP1

AMP Database
  1 GB of RAM
  150 GB of free disk space
  2 GHz processor or better
  Microsoft SQL Server 2000 SP4 or SQL Server 2005

AMP Client
  See system requirements for WebInspect or QAInspect

AMP Architecture

[Figure caption: AMP's innovative distributed architecture is the foundation that enables you to scan multiple applications simultaneously and gives you the ability to control which sites people scan, when they can be scanned and who can scan them.]

Why AMP?

AMP is the only application security platform that offers these innovative capabilities:
  Remotely manages assessment activities of scan clients and their users
  Coordinates the assessment activities of development, quality assurance testing and production
  Manages and launches multiple scans simultaneously
  Distributed architecture provides the most scalable assessment platform possible
  Engineers performing security assessments in the field can disconnect from AMP and then synchronize their results when they reconnect

Key Benefits
  Enables developers, quality assurance and security professionals to collaborate to remove security vulnerabilities early in the software lifecycle, thus reducing the risk of security breaches
  Enables developers, quality assurance teams and security professionals to focus on remediation of vulnerabilities instead of how and when to perform scans
  Saves security professionals' time by automatically maintaining security awareness across the enterprise
  Simplifies and automates security assurance by consolidating enterprise security data into usable management and audit reports
  Enables you to scale the assessment management process without compromising mission-critical runtime applications through granularly controlled user access and information sharing
  Improves information sharing across distributed teams through enterprise-wide reporting and centralized security management
  Extends security team's reach with AMP sensors that manage application assessments without hands-on user interaction

About SPI Dynamics

SPI Dynamics delivers a comprehensive suite of products and services that help to identify and remediate Web application and Web services security vulnerabilities found at key stages throughout the Web Application Lifecycle. SPI Dynamics solutions enable security professionals, QA testers, and developers to work together to assess, analyze, and remediate Web applications and Web services for security vulnerabilities, and verify compliance with over 20 security policies like SOX, HIPAA and PCI. The Company's unique approach of patent-pending Intelligent Engines™ technology combined with the largest Web application security vulnerability knowledgebase in the industry delivers unparalleled speed and accuracy. SPI Dynamics' research and development team, SPI Labs, is widely recognized as one of the world's leading authorities on Web application security and risk management. The Company has over 750 customers among Global 2000 enterprises, including over 70 U.S. Federal accounts, and has strategic partnerships with Microsoft, IBM, Mercury, CSC and Visa, with Visa investing in the Company in 2005. SPI Dynamics is privately held with headquarters in Atlanta, Georgia.

For more information on Web application security, visit www.spidynamics.com or call 1.866.774.2700.

115 Perimeter Center Place, Suite 1100, Atlanta, GA 30346
Tel: 1.866.774.2700 | Fax: 678.781.4850 | Email: info@spidynamics.com
Copyright ©2006, SPI Dynamics Incorporated. All Rights Reserved.
A20-072406