Fortify’s new Fortify on Demand service offers penetration and static testing of binary code at an introductory price lower than that of the full 360 service. On Demand is essentially the first half of Fortify 360, a security assessment service that includes penetration, static, runtime and real-time testing. In our interview this week, Fortify’s Barmak Meftah explained that the abridged version was created to give security testing capabilities to budget-constrained software development teams.
Penetration and static tests are key ingredients in application security testing, said Meftah, Fortify’s senior vice president of products and technologies. “What people often overlook is that static and penetration tests work complementary of one another. Although most companies choose one or other, mistaking them as the same test,” he said.
Fortify’s new service doesn’t require clients to bring their software in-house, thanks to White Hat-based software. Like Fortify 360, On Demand boasts the ability to run tests without disrupting a live online application. Analyzing binary code is a good practice and doesn’t require an application to be brought in-house to test for weaknesses, Meftah said. “We can assess the app and make changes live without altering the performance negatively or holding up online users,” he explained. “We can do this cheaply and easily, in a low-touch way. It is a great way to get started.”
On Demand’s service can run multiple tests simultaneously without damaging the running application. The runtime and real-time analyses are designed to observe and report security and performance algorithms from within the application. On Demand can also be used to track changes made, in addition to monitoring the results of ethical hacking attempts.
“Our ideal client is a company that recognizes that they may have security issues and wants to know what the real risks are,” said Meftah. “We show them our assessment, and if there are problems or even potential problems, we are able to show them what could happen if a spider, crawler or hacker infiltrates them,” said Meftah. Fortify helps testers “ethically or maliciously hack our client’s applications without damaging them — recording the results of hacks and problems and reporting to them ways to repair the troubled app. This provides them some insight into where the risks are and what can be done to prevent issues.”
If a company using On Demand later decides to upgrade to 360, it gains the option of using White Hat as well as the runtime and real-time analysis.