Welcome!

Weblogic Authors: Yeshim Deniz, Elizabeth White, Michael Meiner, Michael Bushong, Avi Rosenthal

Related Topics: Cloud Security

News Feed Item

Fortify Announces New Source Code Analysis Tools to Identify and Resolve Software Security Risks

Fortify Announces New Source Code Analysis Tools to Identify and Resolve Software Security Risks

PALO ALTO, Calif., Jan. 9 /PRNewswire/ -- Fortify Software, Inc. today announced Source Code Analysis 3.5, a powerful advancement in functionality for its award-winning Source Code Analysis suite. Designed to ensure a higher level of application security, the new enhancements improve the ability for software developers and development managers to identify, prioritize and resolve security flaws in software applications before they are shipped or deployed in order to mitigate enterprise security risk.

Fortify Source Code Analysis 3.5 include the following new and expanded components:

-- New Structural Analyzer detects potentially dangerous flaws in the structure or definition of a program. -- Expanded language support that includes .NET languages such as C#, VB.NET and ASP.NET -- The addition of over 48 new vulnerability categories that will be referenced by Source Code Analysis -- Significant enhancements to Integrated Developer Environment (IDE) plug-in support for Eclipse, Visual Studio and IBM WSAD environments

"Fortify Source Code Analysis has been adopted by leading enterprises such as Wells Fargo, eBay, Oracle and Cingular as the premier solution for finding, tracking and fixing security vulnerabilities in software applications," said Barmak Meftah, Vice President of Engineering and Operations, Fortify Software. "Version 3.5 expands our feature set so companies can scale their software security efforts by auditing more code with higher confidence and in less time than they could before."

Fortify's powerful source code analyzers run comprehensive, automated security checks on software code bases to detect over 115 vulnerability categories across popular languages and platforms. In version 3.5, Fortify Source Code Analysis includes a new Structural Analyzer and expansion of its list of supported languages that includes Java, C/C++, XML, PL/SQL, and .Net C# 1.0, to include:

-- .Net 2.0 support for C# 2.0, VB.NET 2.0, ASP.NET 2.0 -- Microsoft T-SQL support -- Expanded JSP support for BEA Weblogics and IBM Websphere

By understanding the way programs are structured, the new Structural Analyzer identifies vulnerabilities that are often difficult to detect through inspection because they encompass both the declaration and use of variables and functions. For example, the Structural Analyzer detects assignment to member variables in Java servlets, identifies the use of loggers that are not declared "static final", and flags instances of dead code that will never be executed because of a predicate that is always false. This new analyzer joins Fortify's stable of data flow, configuration, semantic and control flow analyzers to provide the most comprehensive and accurate coverage of security vulnerabilities in the industry.

Fortify's Secure Coding Rulepacks now contain thousands of rules in more than 115 vulnerability categories that provides comprehensive coverage of over 35,000 permutations which would be virtually impossible to track manually. The Rulepacks recognize sources of tainted input combined with known unsafe functions, function call sequences and application configurations. Fortify's security experts and partners continually update the rulepacks based on a rich store of security knowledge around common programming practices used in application development.

Version 3.5 also includes significant enhancements to its support for popular IDEs, including Visual Studio 2003 and Visual Studio 2005, Eclipse 3.0 and above, and IBM WSAD 5.0 and 6.0. Now developers can use powerful functionality previously only part of Fortify Audit Workbench to discover and remediate flaws in a familiar environment while they code.

About Fortify Software, Inc.

Fortify Software products protect companies from the threats posed by security flaws in business-critical software applications. Its flagship software security suites, Fortify Source Code Analysis and Fortify Security Tester, drive down costs and security risks by automating key processes of developing secure applications prior to deployment. Fortify Software is backed by leading investors, including Kleiner, Perkins, Caufield & Byers, and a world-class team of software security advisors and partners. More information is available at http://www.fortifysoftware.com/.

Fortify Software, Inc.

CONTACT: Kim Milosevich of OutCast Communications, +1-415-392-8282, or
[email protected], for Fortify

Web site: http://www.fortifysoftware.com/

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
Organizations planning enterprise data center consolidation and modernization projects are faced with a challenging, costly reality. Requirements to deploy modern, cloud-native applications simultaneously with traditional client/server applications are almost impossible to achieve with hardware-centric enterprise infrastructure. Compute and network infrastructure are fast moving down a software-defined path, but storage has been a laggard. Until now.
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
IoT is at the core or many Digital Transformation initiatives with the goal of re-inventing a company's business model. We all agree that collecting relevant IoT data will result in massive amounts of data needing to be stored. However, with the rapid development of IoT devices and ongoing business model transformation, we are not able to predict the volume and growth of IoT data. And with the lack of IoT history, traditional methods of IT and infrastructure planning based on the past do not app...
"Akvelon is a software development company and we also provide consultancy services to folks who are looking to scale or accelerate their engineering roadmaps," explained Jeremiah Mothersell, Marketing Manager at Akvelon, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
DXWorldEXPO LLC, the producer of the world's most influential technology conferences and trade shows has announced the 22nd International CloudEXPO | DXWorldEXPO "Early Bird Registration" is now open. Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smart...
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
Here are the Top 20 Twitter Influencers of the month as determined by the Kcore algorithm, in a range of current topics of interest from #IoT to #DeepLearning. To run a real-time search of a given term in our website and see the current top influencers, click on the topic name. Among the top 20 IoT influencers, ThingsEXPO ranked #14 and CloudEXPO ranked #17.
Join IBM November 1 at 21st Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA, and learn how IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Cognitive analysis impacts today’s systems with unparalleled ability that were previously available only to manned, back-end operations. Thanks to cloud processing, IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Imagine a robot vacuum that becomes your personal assistant tha...
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, compared the Jevons Paradox to modern-day enterprise IT, examin...
DXWorldEXPO LLC announced today that ICC-USA, a computer systems integrator and server manufacturing company focused on developing products and product appliances, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City. ICC is a computer systems integrator and server manufacturing company focused on developing products and product appliances to meet a wide range of ...
Major trends and emerging technologies – from virtual reality and IoT, to Big Data and algorithms – are helping organizations innovate in the digital era. However, to create real business value, IT must think beyond the ‘what’ of digital transformation to the ‘how’ to harness emerging trends, innovation and disruption. Architecture is the key that underpins and ties all these efforts together. In the digital age, it’s important to invest in architecture, extend the enterprise footprint to the cl...
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. All In Mobile is a mobile app development company from Poland. Since 2014, they maintain passion for developing mobile applications for enterprises and startups worldwide.
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and ...
"We are a well-established player in the application life cycle management market and we also have a very strong version control product," stated Flint Brenton, CEO of CollabNet,, in this SYS-CON.tv interview at 18th Cloud Expo at the Javits Center in New York City, NY.
In his session at @ThingsExpo, Arvind Radhakrishnen discussed how IoT offers new business models in banking and financial services organizations with the capability to revolutionize products, payments, channels, business processes and asset management built on strong architectural foundation. The following topics were covered: How IoT stands to impact various business parameters including customer experience, cost and risk management within BFS organizations.
While the focus and objectives of IoT initiatives are many and diverse, they all share a few common attributes, and one of those is the network. Commonly, that network includes the Internet, over which there isn't any real control for performance and availability. Or is there? The current state of the art for Big Data analytics, as applied to network telemetry, offers new opportunities for improving and assuring operational integrity. In his session at @ThingsExpo, Jim Frey, Vice President of S...
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...