Fortify - Short Review




Product Overview of Fortify



What Fortify Does

Fortify, offered by OpenText, is a comprehensive application security platform designed to help organizations develop, deploy, and maintain secure software applications. It integrates various security testing and management tools to identify, prioritize, and remediate software vulnerabilities across the entire software development lifecycle.



Key Features and Functionality



Deployment Models

  • Fortify on Demand: A cloud-based, Software as a Service (SaaS) solution that provides application security testing, vulnerability management, and expert support without the need for additional infrastructure or resources. This model allows for quick deployment and scaling of application security initiatives.
  • Fortify Hosted: A cloud-based enterprise service hosted on AWS, managed by OpenText, which enables collaboration among management, development, and security teams to manage software security activities.
  • Fortify On-Premises: An on-premises solution offering a broad set of software security testing products, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Mobile Application Security Testing (MAST).


Security Testing Capabilities

  • Static Application Security Testing (SAST): Identifies vulnerabilities in source code during the development phase using tools like Fortify Static Code Analyzer. This helps in pinpointing the root cause of security vulnerabilities, prioritizing issues, and providing detailed guidance on fixes.
  • Dynamic Application Security Testing (DAST): Detects and prioritizes security vulnerabilities in running web applications and web services using Fortify WebInspect. It integrates Interactive Application Security Testing (IAST) to expand coverage of the attack surface.
  • Mobile Application Security Testing (MAST): Ensures the security of mobile applications.
  • Software Composition Analysis (SCA): Optionally available to analyze the security of third-party components used in the application.


Automation and Integration

Fortify integrates with various development tools and supports modern DevOps practices, so it can be incorporated into the Continuous Integration/Continuous Deployment (CI/CD) pipeline. Its coverage spans over 30 languages and more than 1,000,000 APIs, across 1,657 vulnerability categories.



Expert Support and Scalability

  • Expert Manual Review: Application security assessments include expert manual review to ensure accurate and comprehensive vulnerability detection.
  • 24/7 Support: Dedicated technical account support teams and global 24/7 support ensure continuous assistance and minimal downtime.
  • Scalability: Fortify on Demand and other models are designed to scale with the business, allowing organizations to test all applications across their portfolio efficiently.


Management and Reporting

  • Web-Based Management Portal: Fortify on Demand provides an interactive web-based portal for scheduling security assessments, consuming results via dashboards and reports, and managing the application security program.
  • Centralized Software Security Management: Tools like Fortify Software Security Center help in centralized management of software security activities, enabling developers to resolve issues quickly and efficiently.


Additional Benefits

  • Compliance and Best Practices: Fortify solutions ensure compliance with industry standards and best practices, such as OWASP guidelines, and provide up-to-date content to address new threats and technologies.
  • Training and Onboarding: Training is available on-demand to minimize the impact on developer productivity, and customer success managers are provided for larger customers to ensure successful onboarding and ongoing support.

In summary, Fortify by OpenText is a robust and flexible application security platform that offers comprehensive security testing, expert support, and scalable solutions to help organizations build and maintain secure software applications throughout their development lifecycle.
