Fortify on Demand
A cloud-based application security service that integrates security testing into the DevOps toolchain.
| Category | DevSecOps & Pipeline Security |
|---|---|
| This page updated | a month ago |
| Pricing Details | Pricing varies based on usage and deployment scale. |
| Target Audience | Developers, DevOps teams, security professionals. |

Fortify on Demand manages application security throughout the Software Development Lifecycle (SDLC) by integrating comprehensive security testing directly into the DevOps toolchain. This cloud-based service leverages Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), and Runtime Application Self-Protection (RASP) to identify and remediate vulnerabilities across various application layers.
The technical architecture of Fortify on Demand is designed for integration with popular development tools such as Eclipse, Microsoft Visual Studio, IntelliJ, GitHub, Atlassian Bitbucket, and major build and CI systems like Jenkins, VSTS/TFS, Bamboo, and CircleCI. This integration enables continuous feedback to developers, allowing them to address security issues in real time rather than as an afterthought. The service supports multiple mobile frameworks and can analyze mobile application binaries (IPA for iOS and APK for Android) to detect over 300 unique vulnerability categories, covering client, network, and server components.
Operational considerations include ease of use and automation capabilities, which are crucial for scaling security testing without hindering development speed. However, the complexity of the testing methodologies and the volume of data generated can lead to increased computational resource use and potentially higher costs, especially in large-scale deployments. Additionally, the retention and analysis of historical data may require careful management to avoid performance degradation.
From a technical standpoint, Fortify on Demand utilizes proprietary frameworks to detect vulnerabilities and misconfigurations, and it provides extensive training and resources, such as the Secure Code Warrior platform, to enhance developer cybersecurity skills. The service also integrates the latest security research rule packs to ensure comprehensive coverage of new and emerging vulnerabilities. This holistic approach ensures that applications are secured across all phases of the SDLC, reducing the risk of vulnerabilities in the production environment.