At Prolifics Testing, our offshore consultants use OpenText Fortify to detect flaws in your applications before they cause problems, saving you time and money down the line.
Our consultants have particular expertise in using the Fortify toolset, one of the leading Application Security Testing (AST) tool on the market, having appeared in the Gartner Magic quadrant for 8 years.
As a Gold Partner to OpenText for Information Security, Prolifics can discounted licenses for the Fortify suite, as well as end-user training to provide your team with all the skills they need.
OpenText Fortify turns Security Testing from something that was for a long time complex and expensive, into a truly scalable part of the development life cycle. Having scanned thousands of applications, its built-in AI capabilities make it simple to automate issue finding.
Fortify lets teams scan early and often, whether they’re working in an on-prem, full Cloud, or Hybrid environment. To make deployment easier, Fortify on Demand (FoD) is a SAAS solution that can be quickly deployed to scan an application, with no local software installation needed. FoD is a popular way to evaluate the solution and for organisations to quickly leverage the benefits of removing vulnerabilities at source, before code is deployed to production.
There are several elements to Fortify, which are explained below:
Static Code Analyser
OpenText Fortify Static Code Analyser (SCA) pinpoints the root cause of security vulnerabilities in the source code via SAST, prioritises the most serious issues, and provides detailed guidance on how to fix them so developers can resolve issues in less time with centralised software security management.
Fortify SCA empowers developers to:
- Scan source code early and often
- Pinpoint the root cause of vulnerabilities down to the line of code
- Correlate and prioritise the results
- Accelerate development and shorten scan times
- Remediate security vulnerabilities quickly
- Review best practices to help developers code more securely
SCA integrates directly with major IDEs Eclipse and Visual Studio and includes support for 27+ languages, including ABAP/BSP, ActionScript, Apex, ASP.NET, C# (.NET), C/C++, Classic, ASP (with VBScript), COBOL, ColdFusion CFML, Go, HTML, Java (including Android), JavaScript/ AJAX, JSP, Kotlin, MXML (Flex), Objective C/C++, PHP, PL/SQL, Python, Ruby, Swift, T-SQL, VB.NET, VBScript, Visual Basic, and XML.
SCA also supports a wide range of build tools, including Ant, Bamboo, Gradle, Jenkins, Maven, MSBuild and Xcodebuild.
Overall, the solution has extensive capabilities to allow developers to understand vulnerabilities, tracking variables and user inputs through the source code, showing how they can be exploited and how to prevent them being used in this way.
WebInspect
OpenText Fortify WebInspect is a dynamic application security testing (DAST) tool that identifies application vulnerabilities in deployed web applications and services. It mimics real-world hacking techniques and attacks, enabling you to thoroughly analyse your IT infrastructure vulnerabilities. WebInspect is designed to be used by the testing function within organisation, to complement functional testing, taking away some of the expertise and knowledge needed when carrying out manual application security testing.
WebInspect has a wide range of features, including redundant page detection, automated macro generation, incremental scanning, and containerised delivery.
Voltage
Voltage SecureData is an end-to-end, data-centric security solution ready for the data-driven economy. It's the only comprehensive data protection platform that enables you to protect data over its entire lifecycle - from the point at which it’s captured, throughout its movement across your extended enterprise, all without exposing live information to high-threat environments.
Voltage is designed to work with existing Test Data Management (TDM) and ETL tools, as well as customer-created data flows.
