Fortify 360 Vulnerability Detection

Identify Vulnerabilities in your Software

Detection of security vulnerabilities in software is an essential element of every Software Security Assurance program. Detection must be accurate and provide visibility into the source of the problem, not just report on the symptom. This helps software developers quickly identify problems early in the development lifecycle when they are far cheaper to fix.

Fortify 360 provides comprehensive, root-cause detection of more than 400 types of software security vulnerabilities across 17 development languages and 600,000 software component APIs – the most in the industry today.

Identify Vulnerabilities throughout the Development Lifecycle

With Fortify 360, organizations have greater flexibility over how they identify vulnerabilities. Using Fortify 360's three static and dynamic analyzers, vulnerabilities can be identified during the development or quality assurance phase of a project or even after the application has been deployed. To ensure that the most serious issues are addressed first, Fortify 360 correlates and prioritizes results from the analyzers to deliver an accurate, risk-ranked list of issues ready for remediation.

Static Analysis of Source Code

Fortify 360's static Source Code Analyzer (SCA) provides root-cause identification of vulnerabilities in source code. SCA is guided by the largest and most comprehensive set of secure coding rules and supports a wide array of languages, platforms, build environments and integrated development environments (IDEs).

Dynamic Analysis of Programs during Testing

Fortify 360's dynamic Program Trace Analyzer (PTA) provides root-cause identification of vulnerabilities during the QA process. Because Fortify 360 PTA works in the background during the application testing process, organizations can easily use their existing test suites and processes to identify vulnerabilities.

Dynamic Analysis of Applications in Production

Fortify 360's dynamic Real-Time Analyzer (RTA) provides root-cause identification of vulnerabilities after an application has been deployed into production. RTA monitors critical software functions and application programming interfaces (APIs) from inside the application itself, providing root-cause identification of vulnerabilities in a real-world context.

360 Correlated Analysis

To ensure accurate risk severity, Fortify 360 correlates the results from across its multiple analyzers. This provides an accurate picture of an application's security and ensures development is addressing the most significant issues first.

Identify the Cause, not the Symptom

Fortify 360 identifies the root cause of the problem, not just the symptom, providing line-of-code level details for more than 400 categories of vulnerabilities.

Address the Most Serious Issues First

Fortify 360 enables security and development teams to focus on the most important issues first, increasing their productivity and accuracy while avoiding time wasted chasing down false positives. Prioritized results are delivered by correlating analyzer data in a collaborative on-line environment where security and development teams can work together to resolve issues quickly and accurately.

Enterprise Class Detection

With support for 17 development languages, 600,000 component level APIs and the ability to detect vulnerabilities at multiple points in the development lifecycle, Fortify 360 provides the most comprehensive set of capabilities in the market today. This in turn reduces the cost of identifying and fixing vulnerabilities, decreases the chance of critical vulnerabilities going undetected and minimizes the volume of vulnerability processing required to maintain compliance.

Fortify 360 datasheet (2,715kb, pdf)

Be sure to visit Fortify's Security Resource Center to do more research in the increasingly important discipline of application security.