Fortify, HP give hybrid view of app security
February 22, 2010 —
(Page 1 of 2)
Using advanced correlation of both static and dynamic testing of Web applications, Fortify Software and HP today announced a new security-analysis technology they call Hybrid 2.0. It enables improved visibility into security risks, increased test accuracy and faster reactions to exploits, and it connects penetration test results directly to source code analysis.
“Everyone is looking for getting better reporting,” said Jeff Morgan of HP’s Application Security Center product management team, “but the reality is that to get there, you need to aggregate information and actively correlate before you get to the reporting stage.”
Bringing together the outside-in view of dynamic testing and the inside-out view of code scanning, Hybrid 2.0 delves deeper into vulnerabilities and also automates the priority process. This enables the elimination of manual time spent on identifying an exploit, alleviating pressures from a business, development and security point of view.
Other companies, such as IBM, have also moved toward the hybrid security software space, said Joseph Feiman, a Gartner analyst. IBM acquired dynamic testing company Watchfire in 2007 and static analysis company Ounce Labs in August of 2009, giving the company the elements to take a hybrid approach to security testing.
The traditional approach to security is to employ a strategy of penetration testing, which enables easy prioritization of critical issues, or static analysis, which gives greater detail regarding paths of code that can be exploited, said Russell Spitler, Fortify’s enterprise software product manager. “There’s always a bit of a political war as to which would be the best approach” for security testing, he said.
Tools from the HP Assessment Management Platform and Quality Center, along with Fortify Source Code Analysis and Fortify Program Trace Analyzer, bring Hybrid 2.0 to life and give teams deeper visibility into vulnerabilities. The Program Trace Analyzer can integrate with the application server running the penetration test, so users “can observe an attack from inside the business logic and see the exact place in the code where an exploit is taking place,” Spitler said. “You get a rich view of the application status when it’s attacked, with concrete examples of vulnerabilities.”
Related Search Term(s): Fortify, Hewlett-Packard, security
Share this link: http://sdt.bz/34144
Most Read Latest News Blog Resources
Zeichick’s Take: Radio moves from analog waveforms to digital packets
Streaming radio highlights the need for streaming applications to be designed to take up as little bandwidth as possible
|
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
Appcelerator Acquires Cocoafish to Add Instant Mobile Cloud Capabilities to its Industry Leading Titanium Platform
Appcelerator Offers Messaging, Social, Location and Storage Mobile Cloud Services to All Mobile App Publishers
|
|
ComponentOne Releases a Collection of 40+ UI Widgets Powered by HTML5 and jQuery
ComponentOne has announced the 2012 release of Wijmo: a kit of UI widgets for HTML5 and jQuery development
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
Top five apps to manage your workload
Web applications offer new ways to track your “to-do” lists
|
|
Not so fast when it comes to testing in the cloud
Developers face outsourcing, virtual lab management and mobile devices as obstacles
|
|
Xceed releases UX-focused suite for Microsoft’s WPF
"Blendables" helps match user experiences to developer visions
|
Are you at risk for burnout?
Burnout is a severe problem and it can strike at any time. Here's how to tell if you are nearing the edge.
|
|
Agility, mom, and apple pie
If we're to evaluate the state-of-the-art in software development, we should start with the values espoused in the Agile Manifesto.
|
|
RIM woos developers with free tablet
How do you get more apps ported to the BlackBerry PlayBook? By giving every developer a free tablet, of course!
|
|
GitHire: Use Headhunters to Find Your Perfect Programmer
Are you a hiring manager tired of scouring the job boards? Check out this new service that will find 5 people interested in your jobs.
|
The Hidden Costs of Software Licensing
Moving beyond paper-based software licensing to more flexible, software-based licensing is a business decision. There is a growing trend tow...
|
|
Case Study: You May Need a Development Mechanic
As a contractor for a major financial player in Germany, SOBEGE, a German-based consultancy specializing in embedded IT and web services, wa...
|
|
Ensuring Software Quality at a Major International Bank
One of the world’s leading international banks has adopted AgitarOne technology for delivering generated unit tests for their Java software...
|
|
Load Testing Adobe Flex Applications
Adobe Flex applications may be different from applications you’ve worked with before. For classic HTML web applications, the server does all...
|