Fortify takes apps testing into the cloud

FORTIFY HAS launched an online application assessment tool to help developers ensure that their applications aren't riddled with exploitable bugs.

The company already has its Fortify 360 product, a locally installed software vulnerability scanner that helps developers ferret out and fix application security holes.

Its software-as-a-service (SaaS) product called "Fortify on Demand" allows just about anybody to upload source code or the binary of a program, which is then put through Fortify's static analysis wringer, focusing on a core set of over 90 vulnerabilities in the most popular applications.

As an added service, Fortify has teamed up with White Hat to provide the option of penetration testing the software as well.

"As the number of data breaches resulting from attacks against enterprise applications continues to grow, there is a real need for software security technology that is quick and easy to implement while still providing a thorough assessment of your code," said Barmak Meftah, senior vice president of Products and Technology for Fortify.

"For many organisations, the task of deploying an enterprise-wide software security program can be daunting. Fortify on Demand offers an easy first step for companies that need to assess their overall risk exposure and quickly implement a software security program."

According to Meftah, a hosted model was a natural choice for this service as it opens it up for use by developers as well ISVs or end customers who want peace of mind about the security of an application they have or are considering to purchase.

The on Demand scan also produces an assessment report that can be given to the acquirer as proof of the application's strength.

Fortify on Demand is available on a per scan basis, at $3,500 a pop, or as a annual subscription service where for $12,500 a year you can scan applications to your heart's content. µ