Fortify introduces SaaS edition of its application vulnerability technology

According to Barmek Meftah, Fortify's senior vice president of products and technology, the move will allow companies using custom-developed or third-party-sourced programme code to verify - usually within a matter of hours - that their software is secure.

Fortify 360 already provides this type of service but, Meftah told Infosecurity, the SaaS version - Fortify on Demand - is a much more economically-priced facility, but without the remediation option.

"Most of our 360 customers are companies that want the option of checking their programme code is secure, and also seeking corrections from us when it is not", he said.

"Under the SaaS version, companies can upload their code and, within a short while, get verification that that code is secure and, if it is not, for any reason, we can tell them what's wrong", he added.

This is what Fortify calls `static analysis' and is, he explained, a low-cost alternative for companies wanting to try out Fortify's application vulnerability services.

As such, he told Infosecurity, it's an ideal means of trialling the service and comparing it to other code security services the company is using.

But won't potential clients of the 360 service sign up for the lower-priced SaaS facility, Infosecurity asked.

Fortify's research suggests this won't happen, he replied, adding that the type of company going for the SaaS option is likely to be quite different from the customer profile of the 360 service.

Going for the SaaS option also allows Fortify to offer penetration testing facilities from WhiteHat Security, which Meftah said allows clients to assess and remediate security vulnerabilities in applications without installing software on-premise.

"As the number of data breaches resulting from attacks against enterprise applications continues to grow, there is a real need for software security technology that is quick and easy to implement while still providing a thorough assessment of your code", he said.

"For many organisations, the task of deploying an enterprise-wide software security programme can be daunting. Fortify on Demand offers an easy first step for companies that need to assess their overall risk exposure and quickly implement a software security programme", he said.

Specifically, Fortify said that its SaaS offering integrates source and binary code analysis with web application scanning, focusing on a core set of more than 90 vulnerabilities in the most popular applications.

What’s Hot on Infosecurity Magazine?