Web Application Assessment Tool utilizes static and dynamic tests.
Press Release Summary:
Hybrid v2.0 helps improve visibility into security risks, increase test accuracy, and produce secure web applications through correlation of static and dynamic test results. Penetration test results connect directly to source code analysis results, revealing hidden vulnerabilities in relationships and exposing root cause. This accelerates accurate identification and prioritization of vulnerabilities, leading to efficient investigation and remediation of security defects in source code.
Original Press Release:
Fortify Software Debuts Next-Generation Web Application Hybrid Security Analysis with HP
Advancement of integrated static and dynamic security technology, named Hybrid 2.0, provides more accurate and actionable results to reduce security risks for less cost
SAN MATEO, Calif. -- Fortify® Software, the market leader in Software Security Assurance (SSA) solutions, debuted the next generation hybrid security analysis technology for testing web applications. Developed in collaboration with HP, Hybrid 2.0 enables teams across the application lifecycle to improve visibility into security risks, increase test accuracy and produce more secure web applications through new advances in correlating static and dynamic testing results.
Using advanced correlation techniques, Hybrid 2.0 connects penetration test results directly to source code analysis results revealing hidden vulnerability relationships and exposing their root cause within the application source code. This allows security professionals and development teams to more accurately identify and prioritize vulnerabilities, and more productively investigate and remediate security defects in the source code.
"The correlation of both static and dynamic testing solutions increases the accuracy of vulnerability detection, reduction of both false-positives and false negatives, and broader coverage of the application," said Joseph Feiman, VP and Gartner Fellow.
"Securing applications is imperative given the dramatic rise in software-based attacks," states Karl Smith, Head of Security Assurance Services, BT Global Services. "As part of our software security assurance services, within our Secure Network Quickstart programme, we not only look to be comprehensive in our vulnerability discovery, but also reduce cost in all aspects of our programs - especially remediating discovered software flaws. With Hybrid 2.0, Fortify and HP enable my teams to be significantly more productive by dramatically reducing the manual efforts to validate, prioritize, and fix issues discovered through separate application security testing."
Hybrid 2.0 is delivered through the integrated solutions of HP Assessment Management Platform (AMP), Fortify Source Code Analysis (SCA) and Fortify Program Trace Analyzer (PTA). This provides deep insight into application security by making visible the connection between issues discovered through dynamic and static testing mechanism.
"Our next generation hybrid analysis technology offers customers a dramatic step forward in achieving their software security assurance goals," said Barmak Meftah, Chief Products Officer at Fortify Software. "While other vendors offer point solutions or first-generation capabilities, Fortify and HP are delivering integrated technologies that enable businesses to more effectively reduce risk associated with insecure web applications."
"Organizations want to reduce the incidence and costs of security risks in their applications," said Jonathan Rende, Vice President and General Manager of Business Technology Optimization Applications in the Software and Solutions organization at HP. "HP and Fortify's Hybrid 2.0 solution address the biggest application vulnerabilities, resulting in reduced business risk and lowered costs for clients."
For a demonstration of the Hybrid 2.0 technology, please visit booth #2037 during the RSA Conference 2010. Many Hybrid 2.0 capabilities are available today, with package availability expected in the second half 2010. For more information on the integrated solution, please visit www.fortify.com/hybrid2.
About Fortify Software, Inc.
Fortify®'s Software Security Assurance products and services protect companies from the threats posed by security flaws in business-critical software applications. Its software security suite--Fortify 360--drives down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software's customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world-class teams of software security experts and partners. More information is available at www.fortify.com or visit our blog at blog.fortify.com.
