Fortify Source Code Analysis Suite 4.5
April 01, 2008
From c£600 per seat
- Strengths: Powerful analysis of source code, solid documentation
- Weaknesses: The various components have a disparate look and feel
- Verdict: An excellent source-code analyser that preaches the value and benefits of integration within the SDLC
Fortify Source Code Analysis Suite 4.5 performs static source code analysis. It supports various languages and architectures, including ASP.NET, C/C++, C#, Java, JSP, PL/SQL, T-SQL, XML, VB.NET and other .NET languages. The product also works with environments such as Microsoft Visual Studio, Eclipse, WebSphere Application Developer and IBM Rational Application Developer.
Installation of the various components required minimal effort. The product installs on various flavours of Windows and Unix and can be easily integrated into many different development environments. The suite consists of several components, targeted at the various roles within the systems development life cycle (SDLC). The Source Analyzer is at the heart of the solution, and is a command-line executable that integrates into the development build and IDE processes.
The Analyzer performed well against our test code. It can assess large code bases and multiple tiers of code execution largely independent of the environment it's running in. Other components include a custom rules builder and graphical front end for editing the results from the Source Analyzer. We found many administrative tasks to be resource-intensive on our test servers. Fortify recommends quality-assurance and testing staff use the front end to make audit decisions, while developers use the Analyzer within their build process.
Finally, a web-based management console provides high-level project information and dashboard views of vulnerability information. We found the suggested workflow to be on par with how most development teams would use the product. However, at times, the different look and feel of the various components suggests that some of them may be at separate stages in the product roadmap.
The documentation goes above and beyond just guiding the user through features and options. The text often relays the value of using proper roles within the SDLC and reminds developers of the benefits of integrating automated code testing into the build processes.
No support options were provided to our reviewers, but the Fortify website does have a link to a Premium support area as well as contact information for general support requests.