<p>Seeker from Quotium takes a somewhat different approach to application security from most similar products. First, it does code analysis, but not just static code analysis. It injects an agent onto the server. The agent connects to the process and reports the results of any requests sent to the process. They look at data, not just code. If I am an attacker, I am after your data. So Seeker looks closely at how the processes in the application respond to attempted interactions with data.</p><p>A solid feature of this product is that it is intended for developers, not for security testers. Seeker integrates nicely with the application development process and is intended to be used by developers. It is industry standard, complying closely with Open Web Application Security Project (OWASP) criteria. And, perhaps best of all, it identifies risks from a business impact perspective. Because it performs export verification, false positives are extremely rare to non-existent.</p><p>One starts using Seeker by installing its agent on an application server and teaching it the user's application. As one works through their application, it learns how it is supposed to behave. Installs should have two users so that admins can look at the interactions between users. Once it learns the application, the user can start applying all of the functionality of the in-house app and Seeker will start its analysis.At a glance</p><p>Product: Seeker</p><p><a href="http://www.scmagazine.com/first-look-seeking-application-security/article/259610/">Keep reading...</a></p><p>Read also:</p><p><a href="http://www.marketwatch.com/story/announcing-contrasttm-a-revolutionary-new-service-that-illuminates-web-application-vulnerabilities-from-within-2012-10-01">Announcing Contrast(TM) - A Revolutionary New Service that Illuminates Web ...</a> (MarketWatch (press release))</p><p>Explore: <a href="http://news.google.com/news/more?pz=1&ned=us&ncl=d4PXWtyprC_sXUMiRU6rg9oASu9eM">4 additional articles.</a></p>