Fortify’s Secure Coding Rulepack Highlights (release 2021.3.0)


Fortify Software Security Research has just released a new rulepack, and with it come a couple of exciting topics to talk about, starting with our newly supported technology: JSON. Recently there has been wider adoption of cloud computing platforms such as AWS, Azure, and Google Cloud Platform (GCP), which has allowed developers to work more productively and more cost-effectively. The cloud provider is responsible for managing and operating the data centers, and the development team provisions a virtual environment with a specified computational capacity in which to work.

This process is referred to as Infrastructure as Code (IaC), and it adds a new link to the chain of security compliance that our customers must address. JSON is tied to IaC because initializing these virtual environments takes multiple steps that are easily automated through configuration files, which means sensitive information such as passwords can end up exposed in those files if it is not handled properly. With the added support for JSON, Fortify is taking the first of many steps to cover customers’ needs for IaC security, and you can expect additional coverage by the end of the year.

The next topic we will cover is expanded support for Android and iOS. Mobile applications have cemented themselves as a necessity for any product or service that prioritizes accessibility for its customers. For Android, we have expanded the vulnerabilities Fortify can detect in apps written in Java or Kotlin that use the Java API Framework. The same can be said for iOS, since we updated our support for the iOS 14 library APIs in both Objective-C and Swift. So if you are creating a mobile application that supports both Android and iOS, you can use Fortify as a single tool for your security testing needs.

Lastly, I wanted to talk about how Fortify is improving its already acclaimed false positive rate across multiple technologies, including .NET, jQuery, and Java. The importance of reducing false positives cannot be overstated, since time should be spent resolving vulnerabilities rather than auditing them. In addition, Fortify has updated its capabilities for querying results against OWASP ASVS 4.0 and added the 2021 Common Weakness Enumeration (CWE™) Top 25 as a filter for the vulnerabilities found during testing.

These are just a few of the technologies that were updated in this rulepack release. For more in-depth information, see the Fortify Secure Coding Rulepacks announcement. With every update we strive to show our commitment to supplying our customers with a powerful tool that supports a broad spectrum of industry-used technologies, so that they can navigate the increasingly complex and demanding field of application security.

About Fortify 

Fortify has been named a leader in the Gartner Magic Quadrant for Application Security Testing for the 8th consecutive year. 

Fortify offers an end-to-end application security solution that secures and protects code throughout the entire development lifecycle of any type of software—from development to testing, release to production and every iteration in between. Fortify static, dynamic, interactive, and runtime security testing technologies are available on premise or on demand, offering organizations the flexibility needed to build an end-to-end software security assurance program. 
