Integrations: Fix Security within Bug Bashing Process & APIs to Rule ‘em All


Traditionally, security vulnerabilities are discovered after the bug bashing process in the application development lifecycle. This delays releases and frustrates developers. Finding security vulnerabilities and fixing them alongside non-security bugs during development and test benefits all parties within the organization. This can be done through integrations with bug tracking systems and other development/test tools via API.

Manage & Fix Security Vulnerabilities within Bug Bashing Process

Bug tracking integrations make it easier for development and project management teams to manage and fix security vulnerabilities in the same efficient process as other features or non-security related bugs. No decent application security specialist would recommend automatically placing unaudited findings in bug trackers. Fortify has innovative machine learning-assisted audit predictions and service-based false positive removal to further enhance your ability to automate the bug validation and submission process.

Supported bug tracking integrations include Bugzilla, JIRA, Application Lifecycle Management (ALM)/Quality Center/Octane, Team Foundation Server (TFS)/Microsoft Visual Studio Team Services (VSTS), Fortify Bugtracker, Fortify WebInspect Enterprise and Unified Functional Testing.

Swaggerized APIs to Rule ‘em All

All Fortify solution APIs (on-premises or on-demand) leverage the Swagger framework to enable design and development of your own integrations with our security solutions while providing the rich, human-understandable documentation that makes quick delivery possible.

Fortify APIs provide a supportable way to build your own integrations for whatever workflow your enterprise uses in development. DevOps often means treating your infrastructure like code, and with our rich endpoints, testing interface, and documentation you truly can.

To successfully secure software, we must make security ready, available, and easily consumable by the DevOps crowd. Fortify will continue to build integrations for necessary tools in the DevOps tool chain and empower you with the extensibility necessary to make the most effective integrations for your enterprise’s unique needs.

This post is part of Fortify Integrations series, starting with the main post, Integrations: Empowering Dev, Test & Ops with Security. Look for my next post coming soon: Make Sense of SAST and DAST.

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.