TOKYO, March 31 2015—Bitforest Co., Ltd. has just released a free open beta for VAddy (http://vaddy.net), its continuous web security testing service that connects with continuous integration (CI) tools. The free beta allows software developers to scan their web applications for security vulnerabilities whenever and as often as they like.

Although many of today’s DevOps environments have already automated a wide variety of tests, not many have automated security tests. To remedy this situation, VAddy simplifies the process of automating security tests with CI tools.

VAddy’s security tests are optimized for continuous integration workflows, which involve frequent iterations between software development and testing. Once configured, VAddy can run security tests alongside other existing tests during each CI cycle. By running security tests repeatedly from the first stages of a web application’s development until well after the application’s release, VAddy allows software developers to add new features without worrying about introducing new vulnerabilities.

VAddy provides a Jenkins plugin ( https://wiki.jenkins-ci.org/display/JENKINS/VAddy+Plugin ) and Ruby client ( https://github.com/vaddy/vaddy-api-ruby); with just a few simple settings, it can be connected to Jenkins, Travis CI and CircleCI. VAddy also has a public API (https://github.com/vaddy/WebAPI-document/blob/master/VAddy-WebApi.md) that developers can use to create their own client tools.

Because VAddy implements black-box penetration testing, it is compatible with all programming languages. VAddy is built by technical experts around a large library of security issues that span a wide range of languages and frameworks; it thus has a solution for any web development stack.

VAddy does not require software developers to have extensive knowledge of security issues. VAddy’s security experts are continually tuning and updating its diagnostic engine to address the latest security threats so that teams can easily develop secure applications without special domain knowledge.

“We chose the name ‘VAddy’ as an abbreviation of the phrase ‘Vulnerability Assessment is your Buddy’ with the sincere hope that it would help developers create more secure web applications,” said Yasushi Ichikawa, VAddy’s project manager. “Our goal for VAddy is to allow developers to confidently release secure products by continuously running security tests from the start of a product’s development until after its release.”

Bitforest Co., Ltd. expects to announce premium VAddy plans in summer 2015.
Sign up for free