Protect Your Assets
Showing results for 
Search instead for 
Do you mean 

What does Fortify have up its application security sleeve?

markpainter ‎09-17-2013 10:17 AM - edited ‎07-07-2015 09:34 AM

We are pleased to announce the general availability of several Fortify products including the maiden release of HP ArcSight Application View, significantly improved HP Fortify Static Code Analyzer 4.0, WebInspect Enterprise 10.10, and more.  Continuing the momentum we gained from the overwhelmingly positive Gartner Magic Quadrant for Application Security Testing, these releases have Fortify poised to confront the security challenges of the new reality.


Here is more information on each release, with more in-depth information available in the documentation referenced.


HP ArcSight Application View


In many organizations, Security Operation Center teams have little to no visibility into application security events—especially for custom applications. It’s a huge problem because security teams can’t protect organizations from threats they can’t identify.


HP ArcSight Application View solves this problem by helping organizations gain greater application visibility and security intelligence. This visibility is accomplished through the combined security capabilities of HP Fortify Runtime Application Logging and HP ArcSight Enterprise Security Manager (ESM). HP ArcSight Application View works across any application—including legacy and cloud-based—helping to extend the life of an application and reducing the need for costly updates or replacements.


Building on the power of HP Fortify Runtime and HP ArcSight ESM, HP ArcSight Application View:


  • Makes existing ESM deployments more valuable by feeding in application security events for correlation and analytics.
  • Immediately increases visibility and reporting of security-related application events with out-of-the-box content rules.
  • Enhances borderless collection from virtually any application, especially custom applications, with ESM logging capability.
  • Captures application security events through extensible contextual content rules.



Get the data sheet here.




HP Fortify SCA 4.0

HP Fortify SCA 4.0 delivers a new approach to improving overall scan performance with heightened precision to support faster vulnerability detection and resolution. This approach enables the analysis of multiple software application threads in parallel to enable:

  • 10x faster scans and reduced false positives by 20 percent over previous versions of the product, enabling organizations to evaluate more software at a quicker pace and with improved results.
  • Improved software security intelligence reports that equip IT departments with risk-ranked lists of issues for mobile, web, client and server applications, ensuring the timely resolution of high-priority vulnerabilities.
  • Reduced application development time through more frequent security testing by enabling full application scanning without impacting development process.
  • Flexible deployment options to fit any organization’s business needs through either on-premises or on-demand access.


You can read more in the press release here.


Minor Releases:

HP WebInspect Enterprise 10.10

Higher value testing in less time through Guided Scan
Guided Scan analyzes each web page and makes configuration recommendations which helps WebInspect Enterprise learn more about the application and provide deeper coverage during the scan.


Import HP Unified Functional Testing scripts
WebInspect Enterprise 10.10 can extend the attack surface of the application by leveraging network traffic that is produced during the replay of HP Unified Functional Testing scripts.


Provides comprehensive technology support

Expert research on the latest threats and improved support for modern Web 2.0 application technologies combine to provide more confident and accurate coverage of any application.


Learn more about these releases in this data sheet.


HP Fortify Software Security Center 4.0


Results Processing
We have improved the way we process results in order to provide better information for your team. Now, new scan results are merged more quickly with past results so you can track the
progress of a particular application over time with efficiency.


Improved Performance for Simultaneous Users

Response times are faster now for multiple users working to triage security issues through both the web interface and IDE remediation plug-ins.



HP Fortify Runtime Products: Runtime Application Logging, Runtime Application Protection and SecurityScope

Setup Wizard

The installers for the Java versions of runtime products now include a Setup Wizard which automatically configures the web application server (Tomcat, JBoss, WebLogic and WebSphere) to invoke the runtime.


Unified Logging

HP Fortify Runtime Application Logging now supports unified logging. If an application is using one of the following frameworks: Log4j, java.util.logging, Apache Common Logging, Slf4j, Log4Net, NLog, or Microsoft Enterprise Logging Library, logs can automatically be redirected from within the application through the syslog connector to ArcSight ESM. This avoids the creation of custom connectors and custom parsers to get information from the log files into ArcSight ESM. With this release, Runtime Application Logging can also record all queries that an application executes against the database.


Improved Integration with WebInspect


The HP Fortify SecurityScope component of WebInspect Real-Time was improved and it now supports five additional categories of vulnerabilities: Leftover Debug Code, Value Shadowing, Open Redirect, Insecure Randomness, and Validation Traces.

0 Kudos
About the Author


on ‎09-22-2013 03:22 PM

HP Fortify SCA 4.0 is very nice thank you so much 

27 Feb - 2 March 2017
Barcelona | Fira Gran Via
Mobile World Congress 2017
Hewlett Packard Enterprise at Mobile World Congress 2017, Barcelona | Fira Gran Via Location: Hall 3, Booth 3E11
Read more
Each Month in 2017
Software Expert Days - 2017
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all