Micro Focus Fortify Software Security Content 2019 Update 1

Micro Focus Expert

Fortify Software Security Research Release Announcement

Micro Focus Security Research

hoole@microfocus.com | 29 March 2019

Fortify Software Security Research (SSR) is pleased to announce the immediate availability of updates to Fortify Secure Coding Rulepacks (English language, version 2019.1.0), Fortify WebInspect SecureBase (available via SmartUpdate), Fortify Application Defender, and Fortify Premium Content.

The Micro Focus Fortify Software Security Research team translates cutting-edge research into security intelligence that powers the Micro Focus Security Products Portfolio. Highlights in this Release Announcement include:

Micro Focus Fortify Secure Coding Rulepacks [SCA]

With this release, the Fortify Secure Coding Rulepacks detect 796 unique categories of vulnerabilities across 25 programming languages and span over one million individual APIs. In summary, the release includes support for the following:

  • Angular 7 [i]
  • AWS Lambda Functions
  • AWS Java SDK v2
  • Python Django 2.1.7 [i]
  • Apache Wicket 8 [i]
  • DISA STIG 4.9

Micro Focus Fortify SecureBase [Fortify WebInspect]

Fortify SecureBase combines checks for thousands of vulnerabilities with policies that guide users. The following updates are available immediately via SmartUpdate:

Vulnerability support

  • Often Misused: File Upload
  • SQL Injection
  • Sensitive Information Leak: External
  • Cross-Frame Scripting
  • Content Management System (CMS) Fingerprinting [ii]

Compliance report

  • DISA STIG 4.9

Policy Updates

  • New policy to include checks relevant to DISA STIG 4.9.

Micro Focus Fortify Application Defender

Fortify Application Defender is a runtime application self-protection (RASP) solution that helps organizations manage and mitigate risk from homegrown or third-party applications. It provides centralized visibility into application use and abuse while protecting from software vulnerability exploits and other violations in real time. For this release, the Micro Focus Fortify Software Security Research team provides the following feature improvements:

  • OGNL Expression Injection: Struts 2

Micro Focus Fortify Premium Content

The research team builds, extends, and maintains a variety of resources outside our core security intelligence products.

DISA STIG 4.9 reports [iii]

To accompany the new correlations, this release also contains a new report bundle for Fortify SSC with support for DISA STIG 4.9, which is available for download from the Fortify Customer Support Portal under Premium Content.

Micro Focus Fortify Taxonomy: Software Security Errors

  • The Fortify Taxonomy site, containing descriptions for newly added category support, is available at https://vulncat.fortify.com/.
  • Customers looking for the legacy site, with the last supported update, may obtain it from the Micro Focus Fortify Support Portal.

Details are available in the attached release letter along with specific feature requirements. We hope that you continue to find our products helpful and we welcome any feedback. If you have any questions, please don’t hesitate to contact us.

Contact Software Security Research

Alexander M. Hoole

Manager, Software Security Research

Micro Focus Fortify

hoole@microfocus.com

+1 (650) 258-5916

https://software.microfocus.com/en-us/software/security-research

Contact Fortify Technical Support

Micro Focus Fortify

https://softwaresupport.softwaregrp.com/

+1 (844) 260-7219

-----------------------------------------------

[i] Support for Angular 7, Django, and Wicket requires Fortify SCA version 19.1.0 or later for optimal results.

[ii] Sitefinity detection requires WebInspect 19.1.0 or later.

[iii] Support for the DISA STIG 4.9 report requires Fortify SSC version 18.20 or later.

1 Comment
Micro Focus Contributor

What's the current process to obtain the Support Libraries document?
