Fortify launches online scanning tool

Fortify on Demand focuses on 90 common vulnerabilities

Software security firm Fortify Software today launched a new hosted service designed to provide information security professionals and developers with the means to test code for vulnerabilities.

Fortify on Demand takes some of the core static analysis functionality of the firm's Fortify 360 security suite and combines it with dynamic application security testing powered by WhiteHat Security in a user-friendly software-as-a-service (SaaS) offering.

The technology combines binary and source code analysis to focus on a core set of 90 common vulnerabilities in .Net, Java and PHP languages, which covers "the vast majority of web apps out there today", according to Fortify's senior vice president of products and technology, Barmak Meftah.

It's available in two solution sets: Enterprise Assessment Management and Vendor Security Management, for firms looking to assess internal and third-party software, he explained.

"Any other technology component and traditional security measures would be effective but the software stack is exposing companies to a high level of risk, " he said.

"Fortify on Demand is cheap, low touch and requires little expertise to use – you simply upload the code and get an accurate and comprehensive assessment very expeditiously."

Meftah explained that although the target market for the product is initially the enterprise market, the firm has aspirations to extend this out to small and medium-sized customers.