HP, in collaboration with their acquisitions of Fortify and SPI Dynamics, announced yesterday the release of its new real-time security testing application, HP Fortify Real Time Analysis.

The tool allows testers to pinpoint the security holes and then prioritize the issues in their bug-tracking system, according to Subbu Iyer, senior director of products application life-cycle management at HP Software.

“Customers [of HP] use the Web Inspect tool [from the SPI Dynamics acquisition] to test their Web application and as it passes through the security gate,” said Iyer. “The tester runs the real-time application in the background to see what line of code is causing the issues that may arise during testing. It helps the customer resolve issues faster.”

This solution brings together the Fortify On Demand SaaS solution, and the SPI Dynamics Web Inspect technology to provide real-time analysis of both static and dynamic testing situations.

The issues found in the code are prioritized after being sent to a repository, which varies depending on the tool a developer is using.

“If they are using Fortify, the defects will be sent to the Fortify 360 server; if they’re using Web Inspect, it can be sent to the AMP or assessment platform,” Iyer said. He added that these defects can then be pulled into HP’s bug tracking system or whatever system the developer is using.


All solutions are available as on-premise or as an SaaS, and pricing varies based on the variety of tools purchased. Most are sold as per-server or per-seat licenses. The tools are also integrated with all of HP’s application life-cycle management offering.