Hybrid 2.0 is a tool integrating dynamic application security testing (DAST) and static application security testing (SAST) in a hybrid approach, according to HP and Fortify. However, they argue that it goes beyond simple hybrid testing, which simply aggregated results from separate dynamic and static testing processes, and presented them to a software testing user.
"This 'after-the-fact correlation' presents the user with a simple list of discovered issues. A human must then manually sift through the results in order to perform root cause analysis and prioritize remediation efforts," said the companies in a white paper.
The Hybrid 2.0 tool is designed to more closely align penetration testing (DAST) results with source code analysis of web applications, to provide a cohesive view of an application's security issues. It links together more vulnerabilities discovered by the DAST and SAST tools, and then analyzes the proximity of issues to prioritize the riskier ones.
“The correlation of both static and dynamic testing solutions increases the accuracy of vulnerability detection, reduction of both false-positives and false negatives, and broader coverage of the application,” said Joseph Feiman, VP and Gartner Fellow.
Hybrid 2.0 integrates the HP Assessment Management Platform (AMP) with Fortify's Source Code Analysis (SCA) and Program Trace Analyzer (PTA) products.The integrated package will ship in the second half of this year.