Fortify SCA code detection tool

Fortify Source Code Analysis Suite is currently the world's most widely used software for source code security scanning, analysis, and software security risk management. It has won many of the world's leading software security awards, including InfoWorld, Jolt, SC Magazine ... Many world-class software development enterprises now use it in their development teams to find software security vulnerabilities more efficiently and to monitor and manage software security risk.

The software products are as follows:

Fortify Source Code Analysis Engine (source code analysis engine)

It uses a data flow analysis engine, a semantic analysis engine, a structural analysis engine, a control flow analysis engine, a configuration analysis engine and the unique X-Tier tracker to examine code for security vulnerabilities from different angles, reducing the code's security risk as far as possible.

Fortify Secure Code Rules (software security code rule set)

Built on internationally recognized security rules and the advice of a number of software security vulnerability experts, it helps software developers, security personnel and managers to quickly grasp software security knowledge, identify software security vulnerabilities and fix them. The classification and definition of its rules are recognized by a number of authoritative international organizations, including the U.S. Department of Homeland Security (CWE) standard, OWASP, PCI and so on.

Fortify Audit Workbench (security audit workbench)

Helps developers and security auditors to quickly analyze, search, locate and rank by severity the software security problems found by Fortify Source Code Analysis Engine scans.

Fortify Rules Builder (security rules builder)

Provides a custom software security code rules function to meet the needs of specific project environments and enterprise software security.

Fortify Source Code Analysis Suite plug-in (Fortify SCA IDE plug-ins)

Plug-ins for the Eclipse, WSAD and Visual Studio integrated development environments let developers scan code with the tool while they write it, identify security vulnerabilities in the code immediately and receive suggested fixes at once. Security defects are eliminated in the initial coding phase, and finding security problems early reduces the cost of finding and repairing them.

Product features:

Source code security vulnerability scanning and analysis functions:

1. Unique data flow analysis that tracks tainted, suspicious input data through the entire process until it is used unsafely, across all software tiers and programming language boundaries.
2. Unique semantic analysis technology that finds language functions or procedures that are vulnerable to attack, understands the context in which they are used, and identifies the software security risk caused by a specific function or procedure.
3. Unique control flow analysis that accurately tracks the order of business operations and finds software security risks caused by improperly constructed code.
4. Unique configuration flow analysis that analyzes the relationship between software configuration and code and finds security risks caused by missing or improper configuration.
5. Unique code structure analysis that identifies unsound code structure in the source code and the security vulnerabilities it brings.
6. Custom security code rules function.

Source code security vulnerability audit function:

1. Summary of vulnerability scan results and division into priority levels.
2. Automatic navigation for security audits.
3. Locating security problems and tracing how they propagate.
4. Security issue checking and filtering.
5. Security issue auditing, with audit annotations and issue type marking.
6. Descriptions of security issues and recommended fixes.


1. Finds software security vulnerabilities from multiple aspects of the software source code; it is an analyzer that checks code security issues most comprehensively, examining, respectively: data flow, control flow, semantics, configuration flow and code structure.
2. It is the only software that can use static analysis to track how software security vulnerabilities are introduced across different tiers and different languages.
3. The most comprehensive security code rules and the most thorough security vulnerability checks. It now covers more than 150 categories of security vulnerabilities, with more than 50,000 security code rules. The rules cover ASP.NET, C/C++, C#, ColdFusion, Java, JSP, PL/SQL, T-SQL, XML, VB.NET and other .NET languages.
4. Supports multiple international security standards: OWASP, Payment Card Industry (PCI) Compliance, Federal Information Security Management Act (FISMA), Common Weakness Enumeration (CWE) ...
5. Supports mixed-language analysis, including ASP.NET, C/C++, C#, Java, JSP, PL/SQL, T-SQL, VB.NET, XML and other .NET languages. Fortify SCA supports Windows, Solaris, Linux, AIX, Mac OS X and many other operating systems.
6. Support for custom software security code rules.
7. Integrates with software development environments (Microsoft Visual Studio, IBM RAD and Eclipse) and with automated product build processes.
8. Web-based interface for centralized, enterprise-wide security statistics, analysis and management across multiple projects.