HP Fortify Offers App Dev Security Threat Analysis Tool

Hewlett-Packard expanded its security solutions with a new real-time analysis tool based on the company’s Fortify acquisition.

The new HP Fortify Real-Time Hybrid Analysis allows organizations to discover the root cause of software vulnerabilities by observing attacks in real time, HP said April 12. With real-time analysis, organizations can proactively reduce business risk and minimize the time spent finding the vulnerability after an attack.

Security vulnerabilities, such as SQL-injection bugs, can be included at any time during application design, development, testing and maintenance, so it is important for organizations to be able to find and detect them as quickly as possible.

“HP Fortify brings together the correlation of static and dynamic analysis,” Subbu Iyer, senior director of products, application lifecycle management at HP Software, told eWEEK.

The real-time product can observe an attack while it’s in progress and identify what kind of attack it is. It then examines the application source code to identify which line contains the vulnerability and flags it so that developers can fix it.

HP Fortify Real-Time Hybrid Analysis can be used with the new HP Fortify 360 v3.0 and HP Application Security Center 9.0 for broader security coverage, Iyer said.

With HP Fortify 360 Server, organizations can assess existing code for threat vulnerabilities and compliance violations before a security attack. The information collected is then flagged and prioritized, so that development teams can work with the application owners to assess the risks of fixing the issues versus delaying the repair.

HP also announced new versions of its WebInspect vulnerability analysis and HP Assessment Management Platform applications. WebInspect 9.0 includes new macro recording and session-management features.

For more, read the eWEEK article: HP Fortify Brings Real-Time Threat Analysis to Application Development.