We have a few newsworthy things going on with Fortify on Demand. If you are a Fortify on Demand user, you are enjoying the industry-leading (Gartner says so) Application Security Testing offering. Fortify on Demand is our Security-as-a-Service delivery model that includes both SAST and DAST techniques.
The first bit of news is we’ve added a bunch of new show-and-tell video demos to our library. The Fortify Unplugged YouTube channel has playlists for Fortify on Demand, Static Code Analyzer (SCA), WebInspect, and Software Security Center (SSC). Over the past several months we’ve added seven video demonstrations by one of our experts, Simon Howard. These are well-presented and showcase valuable pieces of the Fortify on Demand experience. There’s likely something here you wish you had known about, or perhaps watching a demo is way easier than piecing it together on your own.
Most importantly—there are new videos in our pipeline. Subscribe to our channel to stay up to date on the latest. And smash the like button to keep Simon motivated for recording more videos!
Here are the recent Fortify on Demand (FoD) videos:
- The Power of Filters: This demo shows the power of filters in Fortify on Demand (FoD) for application security testing. Use some off-the-shelf filters (for example-- business criticality) or create your own.
- Dashboards: A quick demo about Fortify on Demand dashboards.
- Static Scan Workflow: A detailed demonstration of a typical workflow when addressing results from a Fortify on Demand Static scan. This demo finds vulnerabilities like cross-site scripting (XSS) and insecure transport database issues. One approach is to integrate with bug tracking like JIRA or ALM. This video shows a second approach which is to audit and assign to one of the users on the tenant. Then the issue is triaged in the Visual Studio IDE, using the Fortify on Demand extension for Visual Studio. Pull results using RESTful APIs…analysis results, analysis trace issue summary, or audit summary. See the workflow from both the developer and the auditor's perspective.
- Reviewing Static Scan Results: learn how to review static scan results.
- Smart Fix Overview: This demo walks through how Fortify on Demand can use the Smart Fix feature to make vulnerability remediation more efficient.
- Reports: This is a quick show-and-tell about Fortify on Demand's reporting functionality.
- Upload Tool: This demo shows the Fortify on Demand Upload Tool that enables you to automate some of the process of uploading a payload.
Let me know which ones were most helpful, or any topic that would really help you.
The second bit of news is our latest feature release last month of Fortify on Demand version 19.2. Here’s the product announcement. If you didn’t see this, subscribe to our Product Announcements Board on our community site:
- Sign in to the Product Announcements Board with your MySupport/Community credentials, or register if you have not previously done so. You must be a registered user in order to subscribe.
- Click the “Subscribe to forum updates” button.
- To review or modify notification preferences: From the same page, Click on Options > My preferences > SUBSCRIPTIONS & NOTIFICATIONS Tab > Notification Settings Tab
When you visit, you will find that the Announcements Board is internally managed and is only updated with the most critical product updates such as new product releases, security content updates and security bulletins. We know you are busy, so we keep it simple and won’t fill your inbox with things you don’t need.
That’s it for now—thanks for reading.
About Micro Focus Fortify:
Micro Focus Fortify offers the most comprehensive static and dynamic application security testing technologies, along with runtime application monitoring and protection, backed by industry-leading security research. Solutions can be deployed in-house or as a managed service to build a scalable, nimble Software Security Assurance program that meets the evolving needs of today’s IT organization.