Using advanced correlation of both static and dynamic testing of Web applications, Fortify Software and HP today announced a new security-analysis technology they call Hybrid 2.0. It enables improved visibility into security risks, increased test accuracy and faster reactions to exploits, and it connects penetration test results directly to source code analysis.
“Everyone is looking for getting better reporting,” said Jeff Morgan of HP’s Application Security Center product management team, “but the reality is that to get there, you need to aggregate information and actively correlate before you get to the reporting stage.”
Bringing together the outside-in view of dynamic testing and the inside-out view of code scanning, Hybrid 2.0 delves deeper into vulnerabilities and also automates the prioritization process. This eliminates the manual time spent identifying an exploit, easing pressure from the business, development and security points of view.
Other companies, such as IBM, have also moved toward the hybrid security software space, said Joseph Feiman, a Gartner analyst. IBM acquired dynamic testing company Watchfire in 2007 and static analysis company Ounce Labs in August of 2009, giving the company the elements to take a hybrid approach to security testing.