Fortify Software has launched a Software-as-a-Service (SaaS) security suite to integrate its static analysis technology with application security testing.
The company claimed that Fortify on Demand allows organisations to assess and remediate security vulnerabilities in applications without installing software on-premise. The application security testing is powered by WhiteHat Security,
It integrates source and binary code analysis with web application scanning, focusing on a core set of 90+ vulnerabilities in the most popular applications.
Jon Gettinger, senior director of product marketing at Fortify, claimed that the concept was born out of a lack of knowledge and a need to know the bigger picture where all lines need to be analysed.
He said: “A security test needs to be as easy as turning on a light. We are bringing in a test and making it available to everyone. We identify the vulnerabilities, and a penetration test will look at the web form and probe at fields and find the vulnerabilities, and then say 'I did this and this happened'.
“The penetration test can prove the problem but you do not fix it as it is in the code, source code analysis is comprehensive. It is automated in 24 hours to deliver a report and we are making it available so everyone can do it.”
Gettinger claimed that as security software assurance is going forward, it is now a permanent feature of business. “As 20 years ago quality assurance was limited, but now 20 years later everyone has a group. Assurance is at an early stage but in ten years it will be part of people's business,” he said.
Barmak Meftah, senior vice president of products and technology for Fortify Software, said: “For many organisations, the task of deploying an enterprise-wide software security program can be daunting. Fortify on Demand offers an easy first step for companies that need to assess their overall risk exposure and quickly implement a software security program.”