RSS Alerts

Share

More services

Related Links

Related Stories

  • Fortify cautions on new WiFi security threat
    The WiFi Alliance is putting the finishing touches to a peer-to-peer version of its popular WiFi standards. Known as WiFi Direct, the proposed standard allows WiFI devices to link directly to each other, without the need for a router or access point, something which poses a potentially serious security threat to companies with WiFi networks, according to Fortify.
  • Fortify warns on Ministry of Defence XSS site flaw
    The ongoing industry security problem of cross site scripting (XSS) flaws has hit the Ministry of Defence, Fortify Software, the application vulnerability specialist, has reported.
  • Three quarters of companies think they are vulnerable to hacking
    Seventy three percent of IT professionals admit their software applications are vulnerable to hackers in a survey conducted by application security specialists Fortify Software at this year’s Infosecurity Europe in London.
  • From the Eye of the Storm: 2011 Information Security Predictions
    Last January, Infosecurity magazine published prognostications by the (ISC)² Advisory Board of the Americas (ABA) regarding the information security field in 2010. Unlike many who have attempted to envision the future, the ABA has gone back and reviewed the accuracy of its predictions and provided a letter grade for each. The ABA will then offer new predictions for 2011.
  • Interview: Webroot's Dick Williams
    Meet Dick Williams. At 67 years old, the slight, gentle veteran should, theoretically, be throwing in the towel. Far from being weathered by too many years in business, however, the Webroot CEO has used his career to retain wisdom, enthusiasm and business intuition. Eleanor Dallaway meets Dick Williams and discovers that not only is he not ready for retirement, he’s actually in his prime.

Top 5 Stories

News

Fortify introduces SaaS edition of its application vulnerability technology

10 December 2009

After several months of testing with a few clients, Fortify has rolled out a software-as-a-service (SaaS) version of its application vulnerability technology, Fortify 360.

According to Barmek Meftah, Fortify's senior vice president of products and technology, the move will allow companies using custom-developed or third-party-sourced programme code to verify - usually within a matter of hours - that their software is secure.

Fortify 360 already provides this type of service but, Meftah told Infosecurity, the SaaS version - Fortify on Demand - is a much more economically-priced facility, but without the remediation option.

"Most of our 360 customers are companies that want the option of checking their programme code is secure, and also seeking corrections from us when it is not", he said.

"Under the SaaS version, companies can upload their code and, within a short while, get verification that that code is secure and, if it is not, for any reason, we can tell them what's wrong", he added.

This is what Fortify calls `static analysis' and is, he explained, a low-cost alternative for companies wanting to try out Fortify's application vulnerability services.

As such, he told Infosecurity, it's an ideal means of trialling the service and comparing it to other code security services the company is using.

But won't potential clients of the 360 service sign up for the lower-priced SaaS facility, Infosecurity asked.

Fortify's research suggests this won't happen, he replied, adding that the type of company going for the SaaS option is likely to be quite different from the customer profile of the 360 service.

Going for the SaaS option also allows Fortify to offer penetration testing facilities from WhiteHat Security, which Meftah said allows clients to assess and remediate security vulnerabilities in applications without installing software on-premise.

"As the number of data breaches resulting from attacks against enterprise applications continues to grow, there is a real need for software security technology that is quick and easy to implement while still providing a thorough assessment of your code", he said.

"For many organisations, the task of deploying an enterprise-wide software security programme can be daunting. Fortify on Demand offers an easy first step for companies that need to assess their overall risk exposure and quickly implement a software security programme", he said.

Specifically, Fortify said that its SaaS offering integrates source and binary code analysis with web application scanning, focusing on a core set of more than 90 vulnerabilities in the most popular applications.

This article is featured in:
Application Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012