Fortify

Fortify 360 supports you in identifying, prioritizing and eliminating security vulnerabilities in your software.

Fortify 360 consists of four components: Vulnerability Detection, Collaborative Remediation, Reporting & Governance and Intelligent Threat Management.

The Fortify 360 analysis excels above other software security solutions. It provides the first solution to integrate dynamic and static analysis. Both a Static Code Analyzer (SCA) and two dynamic analysis tools are provided: a testing-phase focused Program Trace Analyzer (PTA) and a production-phase focused Real Time Analyzer (RTA). The analysis methods work separately and complement one another, which significantly increases effectiveness compared with using a single method. The results are saved in a common repository. Furthermore, Fortify continually advances its threat base through periodic updates.

Static analysis: Source Code Analyzer (SCA)

The SCA component of Fortify 360 is deployed during or after development. It scans the source code of an application for vulnerabilities that could constitute a security risk. It identifies a multitude of vulnerabilities at an early stage of the development cycle. This offers a special advantage: any correction at this early stage has relatively low costs.

Dynamic analysis: Program Trace Analyzer (PTA)

The PTA component is deployed during the QA test. It identifies vulnerabilities that are detectable only at run time. Furthermore, it verifies the results of the SCA phase and prioritizes them more accurately.

Dynamic observation and protection: Real-Time Analyzer (RTA)

The RTA component offers real-time observation of active applications. It identifies how, when and by whom an application has been attacked. Furthermore, RTA can protect applications proactively against different types of attacks.

Collaborative Remediation supports quick counteraction against software vulnerabilities. An appropriate reaction demands good teamwork among all stakeholders, including security, quality management and development organizations. With the assistance of the centralized console and the possibilities of correlation and prioritization, Fortify enables efficient teamwork to clarify security issues.

Fortify 360 enables the management, tracking and reporting of application tests and security. Thus, those responsible for security can track projects, recognize trends, report to management and cooperate with developers to clarify potential questions and problems. Security auditors can handle multiple audit projects from a single console. Furthermore, security policies for all software projects can be defined and supervised. Reports to management as well as to the security and development teams can be created automatically. Integrated trend analysis enables companies to track the process of securing software over defined periods of time.

The component “Intelligent Threat Management” is Fortify 360’s comprehensive vulnerability database, which is maintained by a Fortify research team that is unique in the industry. Updates are published quarterly.

Fortify 360

BENEFITS FOR YOU

Fortify 360 uses 360 analysis to find software vulnerabilities and provide you with the fastest and most thorough method for recognizing threats. With the assistance of 360 analysis, companies can use a combination of static and dynamic analysis to recognize the maximum possible number of threats – Fortify 360 identifies more than 225 different types. It is possible to choose between different methods of detection in order to obtain the fastest results in various systems and environments. Maximum code coverage with dynamic analysis is guaranteed by a test suite to determine vulnerabilities, which also allows supervision of active applications. Correlate and prioritize the results of the static and dynamic analysis. Share insights about vulnerabilities with the security and development teams and integrate them into existing tools and processes. In this way, rapid and cost-efficient elimination of vulnerabilities is guaranteed.