Fortify 360 can be deployed to analyse code throughout the software lifecycle: planning, coding, testing, deployment and maintenance, the phase that accounts for the major part of the cycle.
The system can be used to find and correct potential software flaws, and provides a portal for reporting on and managing application security throughout the software's entire lifecycle.
"You'd deploy Fortify 360 at any time throughout the coding cycle. For instance, you can deploy the runtime component of the system, the runtime analyser, and if you see that the most frequent attack against your application is, say, SQL injection hacks, you can guide your team to fix that problem in the code," said Fortify's product development director Rob Rachwald.
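As an added illustration of the flaw class Rachwald uses as his example (this is example code written for this article, not part of Fortify 360 and not from the original piece), the block below shows the pattern a static analyser would flag, a lookup that concatenates untrusted input into a SQL statement, beside the parameterised query that fixes it. The schema, rows and attack payload are constructed for the demonstration; the `suspicious_result` heuristic is a stand-in for what a runtime monitor might observe, not a description of how Fortify's runtime analyser works.

```python
import sqlite3


def make_db():
    """Constructed in-memory database for the demonstration (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """The flaw: untrusted input is spliced into the query text, so the
    attacker controls SQL syntax, not just a value."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_fixed(conn, username):
    """The remediation: a parameterised query. The driver binds `username`
    as data, so quotes and keywords in it cannot alter the statement."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def suspicious_result(rows):
    """Illustrative runtime heuristic (assumed, not Fortify's): a lookup on a
    UNIQUE column should never yield more than one row; more than one
    indicates the WHERE clause was tampered with."""
    return len(rows) > 1


# Constructed injection payload: closes the quoted literal and appends a
# tautology, turning the WHERE clause into  username = '' OR '1'='1'
PAYLOAD = "' OR '1'='1"


def demo():
    conn = make_db()
    vulnerable = lookup_vulnerable(conn, PAYLOAD)
    fixed = lookup_fixed(conn, PAYLOAD)
    return {
        "vulnerable": vulnerable,              # every row leaks
        "fixed": fixed,                        # no user has that literal name
        "benign": lookup_fixed(conn, "alice"),  # normal use still works
        "vulnerable_flagged": suspicious_result(vulnerable),
        "fixed_flagged": suspicious_result(fixed),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the block shows the concatenated query returning all three users for a single "username", while the parameterised version returns nothing for the payload and the expected single row for a genuine name. The point for a team acting on runtime findings is that the fix is in the code path, not in a filter placed in front of it.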
Historically, security weak spots have been shielded by firewalls, with vulnerabilities detected by penetration testing, said Rachwald: "What you should be doing is fixing flaws from the inside-out, rather than the outside-in."
Fortify 360 would allow companies to ingrain software assurance into business processes, "seamlessly connecting security, software development and C-level business management teams," added Rachwald.
Fortify 360 includes an analysis module that checks applications at three levels: first, static analysis of the source code itself; then dynamic analysis of the running application during quality assurance testing; and finally real-time monitoring once the application has been deployed.
Rachwald suggested that Fortify 360 helps firms rein in security spending. Hitherto, security costs have risen "year after year, but the number of flaws goes up likewise. You'd have thought that the more you spend, the fewer flaws you have, but we're not seeing that."
Fortify 360 also contains an audit workbench for correlating and prioritising flaws, so that the high-risk problems can be dealt with first. There are also Instant Remediation Capability and Secure Collaboration modules, all overseen by Fortify Manager, a centralised security dashboard and control centre that provides reporting, governance and policy management tools for tracking multiple applications.
As well as the security code metrics built into Fortify 360, the package also provides developers with quarterly threat intelligence updates generated by the Fortify Security Research Group. These rule packs address why real-world systems fail and advise customers on how best to counter emerging threats.
Fortify delivers software lifecycle assurance
By Dave Bailey on Apr 1, 2008 3:14PM