Fortify Software announced the release of a major update to the Fortify Secure Coding Rulepacks that drive the award-winning vulnerability identification of Fortify Source Code Analysis.
The updated Secure Coding Rulepacks include:
– Increased breadth: 34 new distinct vulnerability categories.
– Enhanced support for .NET: 24 new vulnerability categories and coverage for five new third-party libraries, including the Microsoft Enterprise Library.
– Expanded JSP support: Coverage for popular tag libraries, including JSTL and Apache Struts, for enhanced protection from cross-site scripting and SQL injection attacks.
– Detection of persistent Cross-Site Scripting vulnerabilities: Fortify SCA now detects one of the most common and difficult to identify forms of cross-site scripting, which occurs when malicious data from an attacker is stored in a database and later included in dynamic content sent to a victim.
Fortify SCA 4.0, released in October 2006, is the most widely used and effective solution to find and fix software vulnerabilities at the root cause early in the development cycle. Its advanced features help developers identify and resolve issues with less effort, while enabling security leads to review and prioritize more code in less time. Fortify SCA supports a wide variety of languages, frameworks and operating systems and delivers depth and accuracy in its results. It can be tuned to be comprehensive when completeness is needed or extremely targeted for day-to-day use. Fortify SCA makes triage, audits and remediation fast and effective for any organisation.