Security attacks are becoming more prevalent and costly. These attacks often lead to losses of critical information, decreases in productivity, and negative effects on corporate reputation. For example, various worms were able to spread through the Internet in 2001 and infect over 850,000 servers, resulting in the disruption of operations of the affected businesses and organizations. While traditional security devices, such as firewalls and intrusion detection systems (IDS), are effective at the network layer, these devices are unable to provide effective security in the application layer.
Additionally, networks have become more critically complex. It is difficult to test the myriad scripts and protocols even on a small business network, let alone on networks that span nationally and globally. Thus, creating tests for extremely complex protocols can be complex, costly, and, in some instances, not feasible.
Additionally, due to security, virus, and other issues critically affecting networks, there is an overwhelming market need for network and software application risk management products.
Accordingly, there is a need for an apparatus and method that provide effective detection and testing of vulnerabilities and that will overcome the deficiencies mentioned above.