Fortify Software Extends Leadership in Detecting the Most Complete Range of Security Vulnerabilities |
(Archive News Story - Products mentioned in this Archive News Story may or may not be available from the manufacturer.)
Fortify Software, Inc
2215 Bridgepointe Pkwy, Suite 400
San Mateo, CA, 94404
USA
Press release date: May 14, 2007
Latest rulepack update integrates intellectual property gained from Secure Software acquisition; includes protection from new attacks, such as JavaScript Hijacking
PALO ALTO, Calif., May 14 -- Fortify Software Inc., the market-leading provider of security products that help companies identify, manage and remediate software vulnerabilities to mitigate risks in enterprise security, today announced the release of a major update to the Fortify® Secure Coding Rulepacks. The update includes the integration of intellectual property obtained from Fortify's acquisition of Secure Software as well as coverage of critical vulnerabilities, such as JavaScript Hijacking, that pose a growing threat to modern software systems.
"Hacking techniques are getting more sophisticated by the day, making it critical for organizations to develop internal expertise to stay ahead," said Fortify Founder and Chief Scientist Brian Chess. "This rulepack update reflects a significant amount of new research in Ajax technology and hacking techniques. We're very excited to be in a position to help our customers secure their Web 2.0 applications."
"In addition to Fortify's ongoing internal research, this rulepack update integrates the very best from Secure Software's CodeAssure Knowledgebase," added Jacob West, Manager of Fortify's Security Research Group. "These additions enhance our current offering and will help our customers remain ahead of the hacking community."
Specifically, this rulepack update:
o Incorporates intellectual property from the Secure Software CodeAssure Knowledgebase o Detects the use of Ajax frameworks that are vulnerable to JavaScript Hijacking, including versions of Google Web Toolkit (GWT), Direct Web Remoting (DWR) and Microsoft ASP.NET AJAX (Atlas) o Provides detailed remediation advice to help developers secure Web 2.0 applications o Increases security coverage specific to Java 1.5 and the java.security package o Includes a variety of enhancements for software written in C and C++, including superior support for the GLib, Microsoft Windows, Pthread, and Sun RPC APIs
The integration of these new rules was conducted by Fortify's Security Research Group, a team of software security experts that focuses entirely on identifying new threats and developing ways to protect against them. Thanks to these efforts, Fortify continues to lead the industry in identifying threats and developing solutions to address them.
A full listing of security vulnerability categories can be viewed at http://www.fortifysoftware.com/vulncat/.
The rules developed by the Security Research Group are incorporated into Fortify's Suite of products:
o Fortify® SCA - The world's most proven and widely used source code security analysis solution o Fortify® Defender - A contextual Web application firewall that operates inside the application to provide the most accurate and comprehensive protection o Fortify® Tracer - An essential tool for improving application penetration tests; providing the exact line of code for each vulnerability and identifying parts of the application the test failed to reach
About JavaScript Hijacking
Last month, Fortify documented the first major vulnerability associated specifically with Web 2.0 and Ajax-style software. Termed JavaScript Hijacking, the vulnerability allows an attacker to steal critical data by emulating unsuspecting users. Fortify released an in-depth security advisory that details this vulnerability, how enterprises can determine if they are vulnerable, and how they can fix the issue.
A copy of this advisory can be downloaded at http://fortifysoftware.com/advisory.jsp.
About Fortify Software, Inc.
Fortify® Software products protect companies from the threats posed by security flaws in business-critical software applications. Its software security products-Fortify SCA, Fortify Manager, Fortify Tracer and Fortify Defender-drive down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software's customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world-class teams of software security experts and partners.
More information is available at http://www.fortifysoftware.com/.
Source: Fortify Software, Inc.
Web site: http://www.fortifysoftware.com/
|
|
|
|
|
|
| 
