What does Fortify have up its application security sleeve?

We are pleased to announce the general availability of several Fortify products, including the maiden release of HP ArcSight Application View, a significantly improved HP Fortify Static Code Analyzer 4.0, WebInspect Enterprise 10.10, and more. Continuing the momentum we gained from the overwhelmingly positive Gartner Magic Quadrant for Application Security Testing, these releases have Fortify poised to confront the security challenges of the new reality.

 

Here is more information on each release, with more in-depth information available in the documentation referenced.

 

HP ArcSight Application View

 

In many organizations, Security Operation Center teams have little to no visibility into application security events—especially for custom applications. It’s a huge problem because security teams can’t protect organizations from threats they can’t identify.

 

HP ArcSight Application View solves this problem by helping organizations gain greater application visibility and security intelligence. This visibility is accomplished through the combined security capabilities of HP Fortify Runtime Application Logging and HP ArcSight Enterprise Security Manager (ESM). HP ArcSight Application View works across any application—including legacy and cloud-based—helping to extend the life of an application and reducing the need for costly updates or replacements.

 

Building on the power of HP Fortify Runtime and HP ArcSight ESM, HP ArcSight Application View:

 

  • Makes existing ESM deployments more valuable by feeding in application security events for correlation and analytics.
  • Immediately increases visibility and reporting of security-related application events with out-of-the-box content rules.
  • Enhances borderless collection from virtually any application, especially custom applications, with ESM logging capability.
  • Captures application security events through extensible contextual content rules.

 

 

Get the data sheet here.

 

 

 

HP Fortify SCA 4.0


HP Fortify SCA 4.0 delivers a new approach to improving overall scan performance with heightened precision to support faster vulnerability detection and resolution. This approach analyzes multiple software application threads in parallel to enable:

  • 10x faster scans and reduced false positives by 20 percent over previous versions of the product, enabling organizations to evaluate more software at a quicker pace and with improved results.
  • Improved software security intelligence reports that equip IT departments with risk-ranked lists of issues for mobile, web, client and server applications, ensuring the timely resolution of high-priority vulnerabilities.
  • Reduced application development time through more frequent security testing by enabling full application scanning without impacting the development process.
  • Flexible deployment options to fit any organization’s business needs through either on-premises or on-demand access.

 

You can read more in the press release here.

 

Minor Releases:


HP WebInspect Enterprise 10.10


Higher value testing in less time through Guided Scan
Guided Scan analyzes each web page and makes configuration recommendations, which helps WebInspect Enterprise learn more about the application and provide deeper coverage during the scan.

 

Import HP Unified Functional Testing scripts
WebInspect Enterprise 10.10 can extend the attack surface of the application by leveraging network traffic that is produced during the replay of HP Unified Functional Testing scripts.

 

Provides comprehensive technology support

Expert research on the latest threats and improved support for modern Web 2.0 application technologies combine to provide more confident and accurate coverage of any application.

 

Learn more about these releases in this data sheet.

 

HP Fortify Software Security Center 4.0

 

Results Processing
We have improved the way we process results in order to provide better information for your team. Now, new scan results are merged more quickly with past results so you can track the progress of a particular application over time with efficiency.

 

Improved Performance for Simultaneous Users

Response times are faster now for multiple users working to triage security issues through both the web interface and IDE remediation plug-ins.

 

 

HP Fortify Runtime Products: Runtime Application Logging, Runtime Application Protection and SecurityScope


Setup Wizard


The installers for the Java versions of runtime products now include a Setup Wizard which automatically configures the web application server (Tomcat, JBoss, WebLogic and WebSphere) to invoke the runtime.

 

Unified Logging


HP Fortify Runtime Application Logging now supports unified logging. If an application is using one of the following frameworks: Log4j, java.util.logging, Apache Common Logging, Slf4j, Log4Net, NLog, or Microsoft Enterprise Logging Library, logs can automatically be redirected from within the application through the syslog connector to ArcSight ESM. This avoids the creation of custom connectors and custom parsers to get information from the log files into ArcSight ESM. With this release, Runtime Application Logging can also record all queries that an application executes against the database.

 

Improved Integration with WebInspect

 

The HP Fortify SecurityScope component of WebInspect Real-Time has been improved and now supports five additional categories of vulnerabilities: Leftover Debug Code, Value Shadowing, Open Redirect, Insecure Randomness, and Validation Traces.

The opinions expressed above are the personal opinions of the authors, not of HP.