Fortify's new Fortify On Demand service is basically a streamlined version of its static analysis scanning tool that checks applications for vulnerabilities. As part of the new service, Fortify is also offering the option for dynamic scanning and application penetration testing through WhiteHat. The service gives users the option of assessing the security of their applications without the need for an on-site scanning tool.
Fortify On Demand analyzes both source code and binary code, and can be used to assess internally developed applications as well as third-party ones for flaws. Enterprise Assessment Manager is the version of the service for internal apps, and Vendor Security Management is the version for third-party apps. The service is basically a "lightweight" version of Fortify's Fortify 360 scanning tool, says Jacob West, director of Fortify's research group.
West says Fortify will provide reports from both its static analysis scan and the dynamic scan data from WhiteHat to help customers begin fixing any vulnerabilities or problems discovered by the service.
A pure static analysis service runs from $3,000 to $4,000 for a single scan, and $8,000 to $10,000 per application for one year, with unlimited scans. WhiteHat's dynamic analysis feature option costs $3,250 to $18,500 per application for one year, with unlimited scans.
"Security testing as a service is a way for enterprises to reduce up-front costs and to augment limited internal resources when undertaking a software security program," said Joseph Feiman, research vice president and Gartner Fellow, in a statement. "This technology area is growing and will have a significant impact on the application security market over the next 12 to 18 months."