HP Goes Real Time for App Security
HP expands on its Fortify assets, integrating static with dynamic code analysis for real-time results.
HP is expanding its security solutions this week with the new HP Fortify Real-Time Hybrid Analysis solution.
The real-time solution builds on HP's Fortify security assets, which were acquired in August of 2010. Even prior to the acquisition, HP and Fortify had been working together on a joint solution called Hybrid 2.0.
"Hybrid brought the correlation of static and dynamic analysis together," Subbu Iyer, senior director of Products, Application Lifecycle Management at HP Software, told InternetNews.com. "With real-time runtime analysis the solution is sitting in the background while an application is being attacked through a dynamic automated testing solution."
Iyer noted that the real-time solution is able to observe the attack and identify whether, for example, a SQL injection attack is occurring. The solution can then go a level deeper to identify the offending line of code.
In addition to the real-time analysis solution, HP is also rolling out new versions of its WebInspect vulnerability analysis and HP Assessment Management Platform (AMP) applications. Iyer noted that WebInspect 9.0 benefits from new macro recording and session management features.
"We have the concept of assessment workspaces in AMP 9.0 so that you truly have a virtual workspace as a security tester," Iyer said. "Through the workspace you can track historical trends for an application that you may have tested over a period of months and see how the risk profile is trending."
From a broader perspective, HP is planning on expanding the real-time analysis for production monitoring systems.
"Stay tuned for some really excellent news before the end of the year on that front," Iyer said. "We're aiming towards providing customers with a risk dashboard, so you can get much better visibility into the risks posed by applications."