Archive Press Release
(Products mentioned in this Archive Press Release may or may not be available from the manufacturer.)
Release date: October 23, 2006
Fortify Software Introduces Fortify Tracer to Improve the Effectiveness of Black Box Security Testing
New Software Security Technology Makes Every Manual and Automated Black Box Security Test Measurable and More Actionable
PALO ALTO, Calif., Oct. 23 -- Fortify Software, the leading provider of security products that help companies identify, manage, and remediate software vulnerabilities, today announced the introduction of Fortify(R) Tracer. Fortify Tracer provides code-level information so that black box security testers can:
1) Measure in a consistent way the percentage of security-critical points actually reached by black box security tests;
2) Speed remediation of identified vulnerabilities;
3) Discover additional runtime vulnerabilities that black box security testing tools cannot find.
"While black box security testing is important for analyzing the security of deployed applications, its scope is limited by the fact that the testing resides outside of the application," said Barmak Meftah, VP of Products & Services, Fortify Software. "Our research and early product feedback demonstrate the importance of knowing how many of a web application's security-critical points are covered during a test. In addition to providing this important metric, Fortify Tracer helps security professionals improve the effectiveness of their black box security tests and fix security flaws faster."
By providing code level information, Fortify Tracer helps security professionals adjust their black box testing efforts to cover more of the application and identify additional vulnerabilities. Fortify Tracer can be used in conjunction with any manual or automated security testing procedure, providing consistency and repeatability among independent application security tests.
"Fortify Tracer is a valuable addition to any black box application testing toolkit," said Andrew Nairn, Co-Founder of Gotham Digital Science, a leading security testing provider for Fortune 100 companies. "The detailed runtime information and code coverage statistics provided by Fortify Tracer will really assist security teams in performing more effective and comprehensive black box assessments."
"Fortify Tracer's code-level information is an exciting complement to AppScan, the market leading web application security testing solution," stated Michael Weider, CTO, Watchfire. "Used together, these two products will give customers a powerful solution that not only yields more secure applications but demonstrates how the Fortify-Watchfire partnership continues to provide meaningful security solutions for both our customers and the industry."
About Fortify Tracer
Fortify Tracer provides reports on coverage percentages and code-level details about runtime security errors discovered during automated and manual application penetration tests. Its patent-pending Call Site Monitor(TM) technology tracks security-critical APIs, such as database and file system, within the web application itself, and detects runtime vulnerabilities that are not visible through an application's web interface.
Fortify Tracer details which security-critical function points of a given application are actually exercised by specific penetration tests. In doing so, it helps security professionals evaluate and correct their tests, and remediate vulnerabilities much faster by showing them the actual location of vulnerabilities in the source code.
Fortify Tracer features include:
o Insightful security coverage reports detail percentage of security-critical functions exercised during a test. Key areas of the application that interact with sensitive interfaces, such as Web input, the database, and the file system, are tracked separately to provide additional coverage information;
o Patent-pending Call Site Monitor technology works from inside to provide vulnerability identification at the root cause;
o Dashboards clearly communicate key metrics and allow users to compare runs, inspect issues, and find the flaws quickly and easily;
o Fortify Tracer currently works on any J2EE executable (.war/.ear) files; users simply point to the file and the Fortify instrumentation engine inserts monitors at security-critical call sites;
o Detailed reports show vulnerabilities according to their categories, such as cross-site scripting and SQL injection.
Fortify Tracer is available today.
In a report released today, Fortify Software disclosed its findings that manual and automated web application black box security tests generally reach less than 50% of security-critical sites within the code. The report is based on sixty days of empirical data gathered from Fortify Tracer's black box security tests on numerous applications varying in function, size, and complexity. The full report is available today at www.fortifysoftware.com/fortifytracer/report.
About Fortify Software, Inc.
Fortify Software products protect companies from the threats posed by security flaws in business-critical software applications. Its software security products, Fortify Source Code Analysis (SCA), Fortify Tester, Fortify Tracer and Fortify Defender drive down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software's customers include government agencies and Fortune 500 companies in a wide variety of industries such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration, and information management. The company is backed by a world-class team of software security experts and partners. More information is available at www.fortifysoftware.com.
Contacts:
Public Relations:
OutCast Communications
Jessica Williams
USA
Phone: 415-392-8282
Company Information:
Name: Fortify Software, Inc
Address: 2215 Bridgepointe Pkwy, Suite 400
City: San Mateo
State: CA
ZIP: 94404
Country: USA
Phone: 650-358-5600
FAX: 650-358-4600
http://www.fortify.com