National Institute of Standards & Technology (NIST) studies indicate that it’s 30x more costly to secure applications in production than during development.
Companies want a software testing solution that doesn’t slow them down. Fortify on Demand is a cloud-based service that makes it easy to get started, our speed to results means we won’t hinder your development schedule. A user uploads the source code, byte code, or binaries of an application, and receives manually reviewed results (generally) in less than 24 hours. Fortify on Demand simplifies the upload process with free automation tools like build server integration and IDE plug-ins for Visual Studio and Eclipse.
Fortify on Demand leverages award-winning static analysis tools to find and fix vulnerabilities during development, supporting 21 languages and more than 600 vulnerability categories.
Find out more about Static Testing in this webinar – Static Application Testing Demystified
Open Source Risk Analysis
Modern applications often leverage multiple open source components to speed development. Along with the benefits, using open source software can introduce risk through security vulnerabilities, version control, and license terms. Fortify on Demand leverages the Sonatype engine to identify open source components and report known vulnerabilities, license risks, and version information.
Open Source risk analysis is requested with a simple check box during a static assessment. Once an assessment is complete, a thorough Open Source Report by Sonatype is delivered back in minutes, complete with charts of open source and third-party component vulnerabilities responsible for security, license, and quality issues in your applications.
Flexible Delivery, On or Off-Premise
Fortify on Demand is fully compatible with Fortify’s on premise solution, Fortify Software Security Center. Both solutions use the same underlying assessment engines, vulnerability rule-packs and results files. This allows the customer to choose for a specific application whether to assess it in the cloud or on-premise. The assessment results can then be automatically moved between the two environments so that a single repository can be maintained. With a hybrid solution, customers are able to balance surges with Fortify on Demand for an optimized application security portfolio.
Try a Free Static Scan now!