Sponsored By

Product Watch: Fortify Teams With WhiteHat Security In SaaS Launch

Fortify Software to offer a combination static and dynamic application security testing service

Fortify Software today kicked off its first security services offering -- a software-as-a-service offering that includes an option for dynamic application security testing with WhiteHat Security.

Fortify's new Fortify On Demand service is basically a streamlined version of its static analysis scanning tool that checks applications for vulnerabilities. As part of the new service, Fortify is also offering the option for dynamic scanning and application penetration testing through WhiteHat. The service gives users the option of assessing the security of their applications without the need for an on-site scanning tool.

Fortify on Demand analyzes both source code and binary code, and can be used to assess both internally developed applications for flaws as well as third-party ones -- Enterprise Assessment Manager is the version of the service for internal apps, and Vendor Security Management for third-party apps. The service is basically a "lightweight" version of Fortify's Fortify 360 scanning tool, says Jacob West, director of Fortify's research group.

West says Fortify will provide reports from both its static analysis scan as well as the dynamic scan data from WhiteHat to help customers begin fixing any vulnerabilities or problems discovered by the service offering.

A pure static analysis service runs from $3,000 to $4,000 for a single scan, and $8,000 to $10,000 per application for one year, with unlimited scans. WhiteHat's dynamic analysis feature option costs $3,250 to $18,500 per application for one year, with unlimited scans.

"Security testing as a service is a way for enterprises to reduce up-front costs and to augment limited internal resources when undertaking a software security program," said Joseph Feiman, research vice president and Gartner Fellow, in a statement. "This technology area is growing and will have a significant impact on the application security market over the next 12 to 18 months."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights