Security Tools help resolve software vulnerabilities.

Press Release Summary:



Source Code Analysis tools mitigate enterprise security risk by automating identification, prioritization, and resolution of flaws in software applications. Multiple source code analyzers detect security vulnerabilities in software, while Fortify Audit Workbench reports vulnerabilities and prioritizes them for correction. Fortify Rules Builder lets users create custom rules to check for security flaws associated with company-specific application components.



Original Press Release:



Fortify Announces New Security Tools to Identify, Prioritize and Resolve Software Vulnerabilities



New Source Code Analysis, Audit Workbench, and Rules Builder With Expanded Language Support Secure Software From the Inside Out

PALO ALTO, Calif., Nov. 22 -- Fortify Software, Inc., announced a powerful set of new Source Code Analysis tools that mitigate enterprise security risk by automating the identification, prioritization and resolution of flaws in software applications. The new tools include sophisticated new source code analyzers for discovering security vulnerabilities in software code. The new Fortify Audit Workbench reports these vulnerabilities and prioritizes them so they can be corrected before dangerous worms, hackers and malicious users can exploit them. The new Fortify Rules Builder enables security and development professionals to create custom rules that extend Fortify's Source Code Analyzers to check for security flaws associated with company-specific components of their applications. Together, these Source Code Analysis tools help enterprises improve application security, reduce costs and manage software security risk.

"Over the last several years, enterprises have designed their critical business applications to reach beyond the firewall to include suppliers, partners, customers and a wide range of internal users. This new boundary-less infrastructure demands a new approach to security," said John M. Jack, CEO of Fortify Software. "By working from the inside-out, Fortify inoculates software from dangerous and costly security attacks to give software developers, security auditors and outsourcers the ability to remove flaws at the root cause and build security into the software itself."

Fortify's powerful source code analyzers run comprehensive, automated security checks on software code bases to detect over 40 categories of vulnerabilities with the following specialized analyzers:

-- Data Flow Analyzer -- detects paths of potentially dangerous data.

-- Semantic Analyzer -- detects use of vulnerable functions or procedures and understands the context of their use.

-- Control Flow Analyzer -- accurately tracks sequencing of operations to detect improper coding constructs.

-- Configuration Analyzer -- tracks vulnerabilities in the interaction between configuration and code.

Once the Analyzers pinpoint vulnerabilities, the new Fortify Audit Workbench helps auditors and development leaders interpret, prioritize and fix software security flaws. The Graphical User Interface (GUI) included with Audit Workbench provides customizable views for an efficient analysis of the multitude of security issues in large, complex code bases and gives auditors tools to review, categorize, annotate and prioritize security issues. It also provides a step-by-step Audit Guide that offers detailed background and suggested fix actions for each security issue.

Fortify's Secure Coding Rulepacks now contain thousands of rules that provide comprehensive coverage of over 35,000 permutations, which would otherwise be impossible to track manually. The Rulepacks recognize sources of tainted input combined with known unsafe functions, function call sequences and application configurations. Fortify's security experts and partners continually update the rulepacks based on a rich store of security knowledge around common programming practices used in application development. The new Fortify Rules Builder also offers a feature-rich GUI tool enabling in-house security teams or security project leads to create their own rules to complement the rule packs provided by Fortify.

Fortify Source Code Analysis Suite is available in three different configurations: Enterprise Edition, Team Edition, and Developer Desktop. Each configuration is designed to fit the needs of different developer and security environments. Secure Coding Rulepacks are available separately on a subscription basis. Fortify has expanded support for application programming languages to include C, C++, Java, JSP, PL/SQL, and C#.

About Fortify Software, Inc.

Fortify Software products protect companies from the threats posed by security flaws in business-critical software applications. Its flagship software security suites for Source Code Analysis and Attack Simulation drive down costs and security risks by automating key processes of developing secure applications prior to deployment. Founded in 2003, Fortify Software is backed by Kleiner, Perkins, Caufield & Byers and a world-class team of software security advisors and partners. More information is available at www.fortifysoftware.com.
