
Fix expensive Web security weaknesses at a lower cost

Fortify’s new Fortify on Demand service offers penetration and static testing of binary code at an introductory price lower than that of the full Fortify 360 service. On Demand is essentially the first half of Fortify 360, a security assessment service that includes penetration, static, runtime and real-time testing. In our interview this week, Fortify’s Barmak Meftah explained that the abridged version was created to give security testing capabilities to budget-constrained software development teams.

 

Penetration and static tests are key ingredients in application security testing, said Meftah, Fortify’s senior vice president of products and technologies. “What people often overlook is that static and penetration tests work complementary of one another. Although most companies choose one or other, mistaking them as the same test,” he said.

 

Fortify’s new service doesn’t require clients to bring their software in-house, thanks to White Hat-based software. Like Fortify 360, On Demand boasts the ability to run tests against a live online application without disrupting it. Analyzing binary code is a good practice and doesn’t require an application to be brought in-house to test for weaknesses, Meftah said. “We can assess the app and make changes live without altering the performance negatively or holding up online users,” he explained. “We can do this cheaply and easily, in a low-touch way. It is a great way to get started.”

 

The On Demand service can run multiple tests simultaneously without damaging the running application. The runtime and real-time analyses are designed to observe and report security and performance algorithms from within the application. On Demand can also be used to track changes made, in addition to monitoring the results of ethical hacking attempts.

 

“Our ideal client is a company that recognizes that they may have security issues and wants to know what the real risks are,” said Meftah. “We show them our assessment, and if there are problems or even potential problems, we are able to show them what could happen if a spider, crawler or hacker infiltrates them.” Fortify helps testers “ethically or maliciously hack our client’s applications without damaging them — recording the results of hacks and problems and reporting to them ways to repair the troubled app. This provides them some insight into where the risks are and what can be done to prevent issues.”

 

If a company using On Demand later decides to upgrade to 360, it gains the option of using White Hat as well as the runtime and real-time analysis.

 

 
