Fortify Software Offers Protection for Vulnerable Web Applications with Fortify Defender for .NET

Leading Software Security Vendor Offers Unique, 'Inside-the-Application' Approach to Securing .NET Web Applications

PALO ALTO, Calif., March 19 /- Fortify Software, the leading provider of security products that help companies identify, manage and remediate software vulnerabilities, today announced the extension of its Fortify® Defender solution for applications written in the .NET language. This release is helping to meet special requests from .NET-based organizations, such as government agencies trying to protect confidential information, healthcare companies that need to secure private health information, and ecommerce sites trying to address upcoming PCI compliance requirements. Fortify Defender offers these types of organizations a highly effective and accurate approach to protecting Web applications from the most common and sophisticated hacking techniques. It is most frequently used when companies either don't have time to conduct an extensive source code analysis or don't have access to the source code.

"While we always encourage organizations to conduct a thorough source code analysis, there are times when this isn't possible," said Barmak Meftah, Fortify's vice president of products and services. "Many organizations will need to deploy an application quickly that has either failed a penetration test, or has not been tested thoroughly; Fortify Defender is an ideal solution to secure this type of application quickly."

Fortify Defender's sophisticated technology requires minimal overhead and can be applied to any J2EE or .NET custom Web application, even those where source code is unavailable. It protects against both known and unknown attacks by using multiple detection algorithms, including rule, behavioral and anomaly-based techniques to identify important and potentially harmful security events. Customers can apply Fortify Defender in a short period of time and can rely on it to provide a great deal of protection.

In addition to protecting Web applications, Fortify Defender provides detailed attack forensics. Organizations can monitor in real-time how they are getting attacked, who is attacking them and specifically what part of their application is getting attacked.

"We wanted to proactively protect our web applications and track how hackers were trying to exploit them," said Jonathan Bryce, co-founder of Mosso, a new web hosting service developed in conjunction with Rackspace® Managed Hosting. "Fortify Defender tells us exactly what is taking place. Our developers use this information to focus on the right issues when building security into our applications."

Other organizations use Fortify Defender to address upcoming PCI compliance requirements and current best-practice recommendations for an application layer firewall. With the support for .NET, more organizations are able to rely on Fortify Defender to help achieve PCI compliance.

For those interested in protecting their applications with Fortify Defender, more information-including a free product trial-is available on Fortify's website:

Fortify Software also announced that the 554th Electronic Systems Wing, a unit of the Air Force Electronic Systems Center at Hanscom AFB, Mass., has adopted Fortify Defender to help protect and monitor its applications. Please see press release "U.S. Air Force Selects Fortify Defender to Protect and Monitor Applications" for more details.

About Fortify Defender

Fortify Defender enables a new, highly effective layer of Web application security by monitoring security-critical functions and application programming interfaces (APIs) inside the Web application itself. This unique "internal firewall" approach offers critical insight into attacks as well as an unparalleled level of security. By placing its unique Call Site Guards(TM) at every attack surface and security-critical function call site, Fortify Defender accurately protects the application and gives security and operations teams precise, detailed data whenever anomalies occur. Fortify Defender is effective and accurate because it makes use of a Web application's business logic semantics, thereby eliminating the need for 'learn mode' or further tuning. Fortify Defender addresses key software security compliance requirements, including Payment Card Industry (PCI) Data Security Standards, OWASP Top Ten, HIPAA and more. Fortify Defender requires minimal overhead and can be applied to any J2EE or .NET custom Web application, even those where source code is unavailable.

About Fortify Software, Inc.

Fortify Software products protect companies from the threats posed by security flaws in business-critical software applications. Its software security products-Fortify SCA, Fortify Manager, Fortify Tracer and Fortify Defender-drive down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software's customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by a world-class team of software security experts and partners. More information is available at

Source: Fortify Software, Inc.

North America:
Lisa Eskey,
Sterling Communications,

or UK:
Laura Mead,
Johnson +King Public Relations,
+44 (0) 20 7357 7799,;

or Austria, Germany and Switzerland:
Ingrid Daschner,
Johnson King Public Relations,
+49 (0) 894085-11,

Web site:

More from Test & Measurement

All Topics