HP software released today Fortify On-Demand, a way of dealing with application security in the cloud by utilizing Fortify’s technology to create a stack on top of HP’s Application Security Center.
Taylor McKinley, product marketing manager at Fortify, said Fortify On-Demand combines both static and dynamic analysis in the cloud. “Developers can upload their product to our offering, and then it will be returned with a detailed analysis of the vulnerabilities. Fortify combined their static technology with HP’s Web-inspect dynamic technology to enhance this offering,” he said.
McKinley added that the security can be done in the QA environment before production, and that Fortify On-Demand secures all applications, including those for the Web, mobile and desktop environments.
Developers can also embed this technology into their existing application development tools, like agile management tools, which also allow security professionals to work “side-by-side” with developers, according to McKinley.
Reports are delivered as a summary and in a detailed version, and can be integrated into the life-cycle application, he said.
According to Neil Ashizawa, senior manager at HP for Software-as-a-Service products, the solutions provided by the recent acquisitions of security companies ArcSight and Fortify will continue to be integrated to address enterprise security concerns. They will be available for consumption for both on-premise deployments or for the cloud.
“Web application security is a new portion of security,” said Ashizawa. “This stack will allow companies to broker this always-on service as part of the Fortify On-Demand offering.”