Absent Member.

Are Fortify and WebInspect the same?


Please help me understand whether HP WebInspect and Fortify are the same, and whether Fortify is embedded in the WebInspect tool?

Regards,

Sravan


Accepted Solutions
Micro Focus Expert

They do seem mixed, but let's see if I can separate them for you.  HP Fortify is the combination of two acquisitions by HP, SPI Dynamics and Fortify.

SPI Dynamics specialized in DAST testing, specifically web application security scanning.  They created WebInspect, QAInspect (EOL), Assessment Management Platform (AMP, EOL now on to WebInspect Enterprise), and DevInspect (EOL).

Fortify specialized in SAST testing, specifically code analysis for security risks.  They provided SSA professional services as well as created SCA (scanner), F360 Server (now SSC Server), and Runtime.  That last one is technically a RAST solution, protecting and monitoring the live application from security risks.

After these organizations were combined, we have HP Fortify. Their current solution set includes WebInspect, SCA, SSC Server, WebInspect Enterprise, CloudScan plugin for SSC/SCA, Runtime (Logging and/or Protection), ApplicationView for ArcSight ESM, and WebInspect Agent (IAST agent for WebInspect). The SaaS solutions offer Fortify On Demand (DAST and SAST) as well as Application Defender (cloud-based management of Runtime).

WebInspect is a point solution (Windows) for a pen tester to perform VA scanning of live web sites and/or web applications (SOAP, REST, et al). Fortify SCA is a code analyzer (multiple OS) capable of reviewing more than 20 languages in a variety of ways (CLI, IDE plugin, build-time integration, et al). Fortify SSC Server collates and helps centralize multiple SCA users. WebInspect Enterprise serves as a plugin to bring the DAST testing performed by WebInspect into the SSC Server, where it can reside alongside the code reviews for the same Projects. This is all rather simple and fast, but I hope it helps.

You may learn more about these at http://www.hpenterprisesecurity.com  >>  http://www8.hp.com/us/en/software-solutions/application-security/index.html


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify

