Fortify Software Debuts Next-Generation Web Application Hybrid Security Analysis with HP

More Accurate and Actionable Results to Reduce Security Risks for
Less Cost

(04.03.10) - Fortify Software debuted the hybrid security analysis technology for testing web applications. Developed in collaboration with HP, Hybrid 2.0 enables teams across the application lifecycle to improve visibility into security risks, increase test accuracy and produce more secure web applications through new advances in correlating static and dynamic testing results.

Using advanced correlation techniques, Hybrid 2.0 connects penetration test results directly to source code analysis results revealing hidden vulnerability relationships and exposing their root cause within the application source code. This allows security professionals and development teams to more accurately identify and prioritize vulnerabilities, and more productively investigate and remediate security defects in the source code.

"The correlation of both static and dynamic testing solutions increases the accuracy of vulnerability detection, reduction of both false-positives and false negatives, and broader coverage of the application," said Joseph Feiman, VP and Gartner Fellow. Securing applications is imperative given the dramatic rise in software-based attacks,” states Karl Smith, Head of Security Assurance Services, BT Global Services. "As part of our software security assurance services, within our Secure Network Quickstart programme, we not only look to be comprehensive in our vulnerability discovery, but also reduce cost in all aspects of our programs – especially remediating discovered software flaws. With Hybrid 2.0, Fortify and HP enable my teams to be significantly more productive by dramatically reducing the manual efforts to validate, prioritize, and fix issues discovered through separate application security testing."

Hybrid 2.0 is delivered through the integrated solutions of HP Assessment Management Platform (AMP), Fortify Source Code Analysis (SCA) and Fortify Program Trace Analyzer (PTA). This provides deep insight into application security by making visible the connection between issues discovered through dynamic and static testing mechanism. "Our next generation hybrid analysis technology offers customers a dramatic step forward in achieving their software security assurance goals," said Barmak Meftah, Chief Products Officer at Fortify Software. "While other vendors offer point solutions or first-generation capabilities, Fortify and HP are delivering integrated technologies that enable businesses to more effectively reduce risk associated with insecure web applications." (Fortify: ra)