Fortify Software Security Content 2018 Update 1

Software Security Research Release Announcement

Micro Focus Security Research
hoole@microfocus.com | 30 March 2018

Micro Focus Security Fortify
Software Security Content
2018 Update 1

Fortify Software Security Research (SSR) is pleased to announce the immediate availability of updates to Fortify Secure Coding Rulepacks (English language, version 2018.1.0), Fortify WebInspect SecureBase (available via SmartUpdate), Fortify Application Defender, and Fortify Premium Content.
The Micro Focus Software Security Research team translates cutting-edge research into security intelligence that powers the Micro Focus Security Products Portfolio. Highlights in this Release Announcement include:

Micro Focus Security Fortify Secure Coding Rulepacks [SCA]
With this release, the Fortify Secure Coding Rulepacks detect 781 unique categories of vulnerabilities across 25 programming languages and span over 982,000 individual APIs. In summary, the release includes the following:

  • Improved Android Support
  • Improved Python Standard Library Support [i]
  • Support for JSON-simple Library
  • Xamarin Support [ii]
  • DISA STIG 4.5 Correlation
  • GDPR Correlation

Micro Focus Security Fortify SecureBase [Fortify WebInspect]
Micro Focus SecureBase combines checks for thousands of vulnerabilities with policies that guide users in the following updates available immediately via SmartUpdate:

Vulnerability support

  • Expression Language Injection: Spring
  • Privacy Violation: Email Disclosure [iii]
  • Privacy Violation
  • Insecure Deployment: Known Technology Fingerprint

Compliance report

  • General Data Protection Regulation (GDPR)
  • DISA STIG 4.5

Policy Updates

A policy customized to include checks relevant to GDPR compliance and another policy customized to include a subset of checks relevant to DISA STIG 4.5 have been added.

Micro Focus Security Fortify Application Defender
Micro Focus Security Fortify Application Defender is a runtime application self-protection (RASP) solution that helps organizations manage and mitigate risk from homegrown or third-party applications. It provides centralized visibility into application use and abuse while protecting from software vulnerability exploits and other violations in real time. For this release, the Micro Focus Security Fortify Software Security Research team provides the following new rules:

  • NoSQL Injection: MongoDB
  • Insecure SSL: ROBOT
  • Dynamic Code Evaluation: Unsafe Deserialization


Micro Focus Security Fortify Premium Content
The research team builds, extends, and maintains a variety of resources outside our core security intelligence products.

DISA STIG 4.5 and GDPR reports
This release contains a new report bundle with support for DISA STIG 4.5 and GDPR.

Micro Focus Security Fortify Taxonomy: Software Security Errors

  • The Micro Focus Security Fortify Taxonomy site, containing descriptions for newly added category support, is available at https://vulncat.fortify.com and https://vulncat.hpefod.com.
  • Customers looking for the legacy site, with the last supported update, may obtain it from the Micro Focus Security Fortify Support Portal.

We hope that you continue to find our products helpful and we welcome any feedback. If you have any questions, please don’t hesitate to contact us.

Contact Software Security Research
Alexander M. Hoole
Manager, Software Security Research
Micro Focus Security Fortify
hoole@microfocus.com | +1 (650) 258-5916

https://software.microfocus.com/en-us/software/security-research

Contact Fortify Technical Support
Micro Focus Security Fortify
https://softwaresupport.softwaregrp.com/ +1 (844) 260-7219

-----------------------------------------------
[i]. Fortify SCA 18.10, or above, provides support for improved translation of Python 3 syntax.
[ii]. Translation and scanning of Xamarin projects require Fortify SCA version 18.10 or above.
[iii]. This check requires Fortify WebInspect 18.10 or above.

About the Author

Erdem_Menges

Application Security, Penetration Testing, Security