Data and Database Management Software

Fortify Software Extends Leadership in Detecting the Most Complete Range of Security Vulnerabilities

Fortify Software, Inc. Jun 05, 2007


Latest rulepack update integrates intellectual property gained from Secure Software acquisition; includes protection from new attacks, such as JavaScript Hijacking

PALO ALTO, Calif., May 14 -- Fortify Software Inc., the market-leading provider of security products that help companies identify, manage and remediate software vulnerabilities to mitigate risks in enterprise security, today announced the release of a major update to the Fortify® Secure Coding Rulepacks. The update includes the integration of intellectual property obtained from Fortify's acquisition of Secure Software as well as coverage of critical vulnerabilities, such as JavaScript Hijacking, that pose a growing threat to modern software systems.

"Hacking techniques are getting more sophisticated by the day, making it critical for organizations to develop internal expertise to stay ahead," said Fortify Founder and Chief Scientist Brian Chess. "This rulepack update reflects a significant amount of new research in Ajax technology and hacking techniques. We're very excited to be in a position to help our customers secure their Web 2.0 applications."

"In addition to Fortify's ongoing internal research, this rulepack update integrates the very best from Secure Software's CodeAssure Knowledgebase," added Jacob West, Manager of Fortify's Security Research Group. "These additions enhance our current offering and will help our customers remain ahead of the hacking community."

Specifically, this rulepack update:

o Incorporates intellectual property from the Secure Software
CodeAssure Knowledgebase
o Detects the use of Ajax frameworks that are vulnerable to JavaScript
Hijacking, including versions of Google Web Toolkit (GWT), Direct
Web Remoting (DWR) and Microsoft ASP.NET AJAX (Atlas)
o Provides detailed remediation advice to help developers secure Web
2.0 applications
o Increases security coverage specific to Java 1.5 and the
java.security package
o Includes a variety of enhancements for software written in C and
C++, including superior support for the GLib, Microsoft Windows,
Pthread, and Sun RPC APIs

The integration of these new rules was conducted by Fortify's Security Research Group, a team of software security experts that focuses entirely on identifying new threats and developing ways to protect against them. Thanks to these efforts, Fortify continues to lead the industry in identifying threats and developing solutions to address them.

A full listing of security vulnerability categories can be viewed at http://www.fortifysoftware.com/vulncat/.

The rules developed by the Security Research Group are incorporated into Fortify's Suite of products:

o Fortify® SCA - The world's most proven and widely used source
code security analysis solution
o Fortify® Defender - A contextual Web application firewall that
operates inside the application to provide the most accurate and
comprehensive protection
o Fortify® Tracer - An essential tool for improving application
penetration tests; providing the exact line of code for each
vulnerability and identifying parts of the application the test
failed to reach

About JavaScript Hijacking

Last month, Fortify documented the first major vulnerability associated specifically with Web 2.0 and Ajax-style software. Termed JavaScript Hijacking, the vulnerability allows an attacker to steal critical data by emulating unsuspecting users. Fortify released an in-depth security advisory that details this vulnerability, how enterprises can determine if they are vulnerable, and how they can fix the issue.

A copy of this advisory can be downloaded at http://fortifysoftware.com/advisory.jsp.

About Fortify Software, Inc.

Fortify® Software products protect companies from the threats posed by security flaws in business-critical software applications. Its software security products-Fortify SCA, Fortify Manager, Fortify Tracer and Fortify Defender-drive down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software's customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world-class teams of software security experts and partners.

More information is available at www.fortifysoftware.com/.

Source: Fortify Software, Inc.

Web site: http://www.fortifysoftware.com/

White Papers & Case Studies

View All White Papers & Case Studies

View All Resources

All Topics

Manufacturing Innovation

Industry Trends

Engineering & Design

Sales & Marketing

Supply Chain

Career & Workforce

Company News

New Products

Thomas Index

Daily Bite

Find Suppliers, Insights, Tools and More...

Become part of North America's largest and most active network of B2B buyers and industrial/commercial suppliers.

Select From Over 500,000
Industrial Suppliers

Find and evaluate OEMs, Custom Manufacturers, Service Companies and Distributors.

Receive Daily
Industry Updates

Stay up to date on industry news and trends, product announcements and the latest innovations.

Search Over
6 Million Products

Find materials, components, equipment, MRO supplies and more.

Download 2D & 3D
CAD Models

10+ million models from leading OEMs, compatible with all major CAD software systems.
Start Sourcing Suppliers Claim Your Company Profile ico-arrow-default-right
Cookie Policy
Close
Thomas uses cookies to ensure that we give you the best experience on our website. By using this site, you agree to our Privacy Statement and our Terms of Use.
Accept