Fortify integration helps developers code securely

Guest post by Harley Adams, Senior Product Marketing Manager. 

The new SDLC, or software development life cycle, is driven by speed. The number of applications and the release frequency are accelerating. DevOps momentum requires that security ‘shifts left’ in the SDLC to better equip developers to identify and prevent vulnerabilities early, rather than waiting for the testing that is more typical of a waterfall development model. Finding and fixing security vulnerabilities in web applications with Secure DevOps requires a security program based on integration and automation.

But wait, there’s more! Shifting left also makes it possible to help developers learn how to avoid writing new vulnerabilities. AppSec tools that integrate into developers’ native integrated development environment (IDE) can provide feedback that helps them learn more secure coding practices. Call this ‘continuous feedback at DevOps speed’: it gives developers the knowledge to code securely.

Fortify application security has an outstanding track record of helping developers code securely with integrated computer-based-training courses and other support. Tony Spurlin, Chief Information Security Officer at Cox Automotive, said Fortify delivers “…unparalleled support across our organization. From pre-sale educational sessions to monthly developer luncheons, we gain insights that help us continuously improve.” 

Now…drum roll… Secure Code Warrior announced that its platform integrates with the security testing solution Fortify on Demand to deliver real-time security vulnerability training.

Fortify is the first application security solution to have this integration with Secure Code Warrior. Now, any vulnerabilities identified by Fortify on Demand (FoD) will offer a direct link to a practical training module that teaches the developer why the problem happened, how to fix it, and how to prevent making the same mistake again. The developer can take very specific training that is directly applicable to their day-to-day work.

Scott Johnson, Fortify Director of Product Management, sums it up: “It is 30 times more expensive to detect and fix vulnerabilities in committed code than it is to prevent them when writing code in the IDE. The Fortify and Secure Code Warrior integration provides a short and simple training approach with hands-on tests that keep security top of mind for every line of code that developers write.” 

What’s great about Secure Code Warrior is that it teaches developers not only to identify but also to remediate vulnerabilities in application code in a gamified manner. This moves away from traditional in-class training and appeals to the gaming mentality of developers by providing a competitive element. It is designed by professional developers and IT security experts, so learning activities align with industry standards, including the OWASP Top 10 Application Security Weaknesses. Developers can apply or improve their secure coding skills by playing in the language framework(s) they’re familiar with.

Secure DevOps requires a security program based on integration and automation…and now real-time security vulnerability training. 

More about Fortify:
Fortify on Demand (FoD) delivers application security as a service, providing customers with the security testing, vulnerability management, expertise, and support needed to easily create, supplement, and expand a Software Security Assurance program. Fortify offers the most comprehensive static and dynamic application security testing technologies, along with runtime application monitoring and protection, backed by industry-leading security research. Solutions can be deployed in-house or as a service. Contact us to learn more.