Uncategorized

Fortify Static Code Analyzer: Comparing Two Scans

Introduction

As a security professional, you’re proud of your static code scanning program. You run scans every month. Fortify Static Code Analyzer cranks out consistent results. Software Security Center lets developers exhaustively research each and every Common Weakness Enumeration (CWE). Surely, they have enough information to effectively manage their security backlog? That’s what you think, […]

Static Code Analysis

Fortify Static Code Analyzer And Family Reporting: Basic Statistics

Fortify Software Security Center Application Vulnerability Counts by Priority

In the previous post in this series, I showed you how to pull basic scan information out of the SQL Server database that houses Fortify’s Software Security Center (SSC) data. Fortify’s Static Code Analyzer (SCA) produced the *.fpr output file that populated SSC. In this post, […]

Static Code Analysis

Introduction: Fortify Static Code Analyzer and Family Reporting

SAST: You Can’t Improve What You Can’t Measure

Protecting your custom applications and data is a never-ending task. It seems like the burden on application architects, designers, and developers has only increased in the world of Continuous Integration/Continuous Deployment (CI/CD). Teams have to find the right mix of tools like Dynamic Application Security Testing tools […]