Fortify Source Code Analysis
August 01, 2007
£600 per developer
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Scans code prior to implementation to catch holes before they happen
- Weaknesses: For the non-full-time programmer, the utility might be a bit difficult to operate
- Verdict: A great CASE program that should be used as part of any system development life cycle
Fortify's offering in this space is also a CASE (computer-aided software engineering) utility. Any source code can be reviewed with the Source Code Analysis (SCA) suite. This ties tightly to the PCI DSS standard, which requires code reviews and should also be part of a system development life cycle.
The use of source code analysis is, of course, the best way to spot flaws and, unlike with most of the products we tested, is not a black-box test.
Fortify SCA supports many languages including ASP.NET, C/C++, C#, ColdFusion, Java, JSP, PL/SQL, T-SQL, XML, VB.NET and other .NET languages. The software-based solution offers secure coding plug-ins for several development environments, such as Microsoft Visual Studio, Eclipse, WebSphere Application Developer and IBM Rational Application Developer.
Fortify SCA can be installed on a variety of operating systems including Windows, Mac OS X, Solaris, Linux, AIX and HP-UX.
The installation was simple, and the utility automatically downloads updates as part of the installation process. The process was a bit time-consuming because the installer configures the system itself, but it performs most of that configuration without the need for user intervention. All in all, the installation process was among the simplest in this group test.
The Fortify SCA rules builder allows you to customise rules specific to your organisation. A feature-rich audit workbench offers multiple sorting, filtering and organising features to prioritise important issues.
Fortify SCA arrived with a guide for the initial installation in hard-copy format. A PDF version of the document is also available. However, the PDF files are neither indexed nor searchable, so the PDF has to be scanned manually.
Support is offered through phone and a password-protected web portal, as well as via email. In addition, the standard price features quarterly updates of the latest security tests for code review.
The price for the Fortify SCA suite is £600 per developer. This puts the product at the low end of the spectrum. For a feature-rich CASE environment, this is definitely good value for money.