Fortify Source Code Analysis Suite is currently the world's most widely used source code security scanning, analysis, and software security risk management software. It won many awards the world's leading software security, including InforWord, Jolt, SC Magazine .... At present many of the world-class software development enterprises are using the software solutions in their development team in accelerating the search efficiency of software security vulnerabilities, monitor and manage software security risks.
Software products as follows:
Fortify Source Code Analysis Engine (source code analysis engine)
Using data flow analysis engine, semantic analysis engine, the structure of the engine, engine control flow analysis, configuration analysis engine and the unique X-Tier tracker view code from different aspects of security holes, reduce the code to maximize security risk.
Fortify Secure Code rules: Fortify (software security code rules set)
With internationally recognized safety rules and a number of software security vulnerabilities expert advice, support software developers, security personnel and management to quickly grasp the knowledge of software security, identify software security vulnerabilities and fix software vulnerabilities. The classification and definition of its rules by a number of authoritative international organizations, including the U.S. Department of Homeland Security (CWE) standard, OWASP, PCI. . . And so on.
Fortify Audit Workbench (security audit table)
Assist developers, security auditors Fortify Source Code Analysis Engines (source code analysis engine) to scan for rapid analysis, search, locate and distinguish the serious level of software security problems.
Fortify Rules Builder (security rules Builder)
Provide custom software security code rules function to meet the specific project environment and enterprise software security.
Fortify Source Code Analysis Suite plug in (Fortify SCA IDE Integrated Development plug-ins)
Eclipse, WSAD, Visual Studio integrated development environment plug-in for developers to easily write code in the process of using the tool can scan the code, the code immediately identify security vulnerabilities, and immediately under the proposed fix, to eliminate safety deficiencies in the initial coding phase, early find security, reduce security issues to find and repair costs.
Source code security vulnerability scanning analysis functions:
1. Unique data flow analysis, tracking of infected, suspicious input data until the data is unsafe to use the entire process, and across all levels of software and programming language boundaries.
2. Unique semantic analysis technology found vulnerable to attacks of language function or process, and understand the context they use, and identifies a specific function or process safety risks caused by software
3. Unique control flow analysis techniques to accurately track the business operations of the order, found that construction is unreasonable because of the code brought the software security risks.
4. Unique configuration flow analysis software technical analysis the relationship between the configuration and code found in the software configuration and code, the configuration is lost or is not brought security risks
5. Unique code structure analysis of the structure from the source code to identify the code structure is irrational, and brought the issue of security vulnerabilities.
6. Custom security code rules function.
Source code security vulnerability audit function: 1. Vulnerability scan results summary and the priority level of division of functions.
2. Automatic navigation safety audit
3. Safety orientation and the process of tracking delivery problems.
4. Security check and filtering.
5. Security audit, the audit function of type of marginal notes and questions.
6. Descriptions and recommended fixes security issues recommendations.
1. From various aspects of software source code, find the software security vulnerabilities, is an analytical up hundreds, the most fully check the code security Wen Ti, Qi, respectively, for examination are: data flow, control-flow, meaning, Pei Zhi flow and code Jiegou
2. Is the only software able to cross the border at different levels and different languages, static analysis technology to track the process of the introduction of software security vulnerabilities.
3. Safety code rules the most comprehensive, most thorough security vulnerability checks. Now includes more than 150 kinds of categories of security vulnerabilities, the security code rules up to more than 50,000 articles. Rules covering ASP.NET, C / C + +, C #, ColdFusion, Java, JSP, PL / SQL, T-SQL, XML, VB.NET and other. NET and other languages
4. Software supports multiple international safety standards: OWASP, Payment Card Industry (PCI) Compliance, Federal Information Security Management Act (FISMA) Common Weakness Enumeration (CWE) .....
5. To support mixed-language analysis, including ASP.NET, C / C + +, C #, Java?, JSP, PL / SQL, T-SQL, VB.NET, XML and other. NET languages. Fortify SCA supports Windows?, Solaris ?, Linux?, AIX? and Mac OS? X .... and many other operating systems
6. Support for custom software security code rules.
7. Integrated software development environment (Microsoft Visual Studio, IBM RAD, and Eclipse.) And automated product build process.
8. Web-based interface, multiple projects can focus on the enterprise security statistics, analysis and management