Monday, 22 March 2010

Q1 release from Fortify SRG

« BSIMM2 | Main | Schneier on Software Security Assurance »

If you're a Fortify customer you already know we released updates in three main areas at the end of February (we always release the last business day of the second month of the quarter). If you haven't seen these updates, I decided to post a summary of what we've been up to here. As of this release, the Fortify Secure Coding Rulepacks detect 439 unique categories of vulnerabilities across 18 languages and over 650,000 individual APIs. In brief, our latest releases include:

Fortify Secure Coding Rulepacks

Oracle Application Framework – Support for Oracle Application Framework (OA Framework), the Oracle Applications development and deployment platform for HTML-based business applications.

CakePHP – Support for the CakePHP rapid development framework, which includes the model-view-controller framework and simplifies database interaction.

SANS/CWE, OWASP, FISMA Standards Support – Vulnerabilities generated by this rulepack now include a reference to like issues found in the 2009 SANS/CWE Top 25, OWASP 2010 Top 10, and FISMA (specifically FIPS-200).

4 New Categories – New categories include Race Condition: Format Flaw, Process Control: Invoker Servlet, and CakePHP Misconfiguration vulnerabilities.

50+ Enhancements – Over 50 internally and externally requested minor enhancements.

Fortify RTA Rulepack Kit

Spring Security 2 – Provides support for identifying brute force logins and report Spring Security authorization failures and privilege changes at runtime.

Premium Content

Microsoft SDL – Process templates for Fortify 360 Governance users implementing the four security maturity models in the Microsoft Security Development Lifecycle (MS SDL): Basic, Standardized, Advanced, and Dynamic.

CVSS – Project templates for auditors using Fortify SCA and Audit Workbench to annotate vulnerabilities using the Common Vulnerability Scoring System (CVSS).

Posted by jwest at 12:18 PM in Fortify

Responses (0)

[Trackback URL for this entry]

Your comment:

Author (*):

E-mail:

URL:

Comment (*):

Remember me?

SCode: (*)

Generate another code
SCode

Please enter the code as seen in the image above to post your comment.

Live Comment Preview:

« March »
Sun	Mon	Tue	Wed	Thu	Fri	Sat
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

Recent Posts
- Back to All Posts
Meet the Bloggers
- Brian Chess
- Jacob West
- Joy Forsythe
- Yekaterina Tsipenyuk O’Neil
- Matias Madou
- Abraham Kang
- Sejal Kamani
- Sarah Cheng
- Sam Ng
- Jack Herrington
Categories
Fortify Resources

Software Security Resources

Products and Services
Recommended Blogs
- Justice League
- Schneier on Security
- SecurityFix
- CERIAS
- Security Curve
- 1 Raindrop
- Michael Howard's Weblog
- Computer Security
- A Passion for .NET Security
- Emergent Chaos
Subscribe

Feedburner (RSS)

Local (RSS)

Local (RSS v2.0)

Local (Atom)
About

Fortify Software
Recommended Books
- Secure Programming with Static Analysis
  by Brian Chess and Jacob West
- Security Metrics: Replacing Fear, Uncertainty, and Doubt
  by Andrew Janquith
- Building Secure Software: How to Avoid Security Problems the Right Way
  by John Viega and Gary McGraw
- IEEE Security & Privacy Magazine
- How to Break Software Security
  by J. Whittaker and H. Thompson
- Security Engineering
  by Ross Andersen
- Software Security: Building Security In
  by Gary McGraw
- The Security Development Lifecycle
  by Michael Howard and Steve Lipner
- The Shellcoder's Handbook: Discovering and Exploiting Security Holes
  by Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, Sinan "noir" Eren, Neel Mehta, Riley Hassell
- Writing Secure Code, 2nd ed.
  by M. Howard and D. LeBlanc

Off by On

A Software Security Blog

Monday, 22 March 2010

Q1 release from Fortify SRG

Your comment:

Live Comment Preview:

Recent Posts

Meet the Bloggers

Categories

Fortify Resources

Recommended Blogs

Subscribe

About

Recommended Books