Static Application Security Testing (SAST) scans the application source files, accurately identifies the root cause and helps remediate the underlying security flaws. Developer Benefits of Static Application Security Testing: Identify and eliminate vulnerabilities in source, binary, or byte code Review static analysis scan results in real-time with access to recommendations, line-of-code navigation to find vulnerabilities faster and collaborative auditing. Fully integrated with the Integrated Developer Environment (IDE)

Dynamic Application Security Testing (DAST) simulates controlled attacks on a running web application or service to identify exploitable vulnerabilities in a running environment. Benefits of Dynamic Application Security Testing: Provides a comprehensive view of application security by focusing on what’s exploitable and covering all components (server, custom code, open source, services) Can be integrated into Dev, QA and Production to offer a continuous holistic view Dynamic analysis enables a broader approach to manage portfolio risk (1000s of applications) and may scan legacy apps as part of risk management Tests functional app, so unlike SAST, is not language constrained and runtime and environment-related issues can be discovered

What is Application Security?

Q: What is the OWASP Top 10?

The Open Web Application Security Project ( OWASP ) is an open source application security community with the goal to improve the security of software. Its industry standard OWASP Top 10 guidelines provide a list of the most critical application security risks to help developers better secure the applications they design and deploy. Find overviews and practical tips for each of the Top 10 in A Developer’s Guide to the OWASP Top 10 .

Analytics & Big Data
Analytics & Big Data

Analytics for business insights in a data driven world
- Vertica Advanced Analytics Platform
  The fastest, open, infrastructure-independent, advanced analytics SQL database
- Cognitive Search & Knowledge Discovery
  
  Cognitive Search & Knowledge Discovery
  
  Quickly attain key information with best-in-class cognitive search and discovery
  
  IDOL
  Securely access and analyze enterprise (and public) text, audio & video data
- Security Analytics
  
  Security Analytics
  
  Search and analysis to reduce the time to identify security threats
  
  ArcSight Recon
  An intuitive hunt and investigation solution that decreases security incidents
  
  ArcSight Interset
  User and entity behavioral analytics that augments existing security tools and empowers security operations teams to identify and respond to the threats that matter before data is stolen
- IT Operations Analytics
  
  IT Operations Analytics
  
  Leverage big data to optimize and make your IT processes more efficient
  
  Operations Bridge Suite
  Autonomous operations through a business lens
  
  IT Service Management Automation Suite
  Intelligent automation for service desk, configuration, and asset management
- Big Data Platform
  
  Big Data Platform
  
  Open, secure, high-performance platforms to build Big Data analytics stacks
  
  Vertica
  SQL analytics solution handling large amounts of data for big data analytics
  
  Voltage SecureData for Hadoop
  High-scale protection of sensitive data at rest, in motion, and in use across systems
- AI Powered Unstructured Data Analytics Platform
  
  AI Powered Unstructured Data Analytics Platform
  
  AI powered, unstructured data analytics platform to leverage key insights stored deep within your data
  
  Data Access and Connectors
  IDOL connects to more data sources than anyone else.
  
  Text analytics
  AI and NLP Based Intelligent Text Analysis in real time
  
  Image analytics
  AI and ML Image Classification and Analysis in real time
  
  Video analytics
  AI and ML Video Classification and Analysis in real time
  
  Audio analytics
  AI and ML Audio Classification, Analysis, and Speech to Text
  
  Surveillance analytics
  Realtime video, image, and audio data Survailace Analytics
  
  Cognitive search
  Natural Language Porcessing pinpoints the data you need with simplified AI analytics and analysis
  
  Semantic Search
  Percise semantic answers to natural language search questions
  
  Insight engine
  AI Based Intelligent search engine tools to extract deep insights from all of your data
  
  Natural Language Question Answering & Chatbot
  Communicate and engage customers using AI and ML to deliver a human dialogue chatbot.
  
  For OEMs
  OEM SDKs unstructured data analytics to developers, reducing risk, time to market, development costs, and maintenance
  
  KeyView
  File format detection, content decryption, text extraction, subfile processing non-native rendering, and structured export
Application Delivery Management

Application Delivery Management

Streamline your software factory to deliver better value faster and safer

ALM Octane
Optimize the flow of work for continuous quality and delivery

ALM/Quality Center
Govern quality with rigorous, auditable software lifecycle processes

UFT Family
Combine extensive technology support with AI-driven continuous functional testing

Dimensions CM
Enable all aspects of SCCM with enterprise grade scalability, security, and compliance

LoadRunner Family
Deliver high-performing applications with continuous performance engineering

Release Control
Plan, track, orchestrate, and release complex applications across any environment

Fortify
Find software security issues early and fix at the speed of DevOps

Deployment Automation
Automate deployments for continuous delivery with drag-and-drop simplicity

Project & Portfolio Management
Align corporate investments with business strategy

View All Products
Access a list of all products in application delivery management
Application Modernization & Connectivity
Application Modernization & Connectivity

Modernize Core Business Systems to Drive Business Transformation
- COBOL
  COBOL
  
  Build and modernize business applications using contemporary technology
  
  Develop & Deploy
  
  Develop & Deploy
  
  Modernize COBOL and PL/I business applications using state-of-the-art tools
  
  Visual COBOL
  Future-proof core COBOL business applications
  
  Extend / AcuCOBOL-GT
  Maintain and enhance ACUCOBOL-based applications
  
  AcuToWeb
  Deliver application access—anywhere
  
  NetExpress / Server Express
  Maintain and enhance COBOL systems
  
  RM/COBOL
  Maintain and enhance RM/COBOL applications
  
  Data Modernization
  
  Data Modernization
  
  Unlock the value of business application data
  
  Database Connectors
  Connect COBOL applications to relational database management systems
  
  Relativity
  Derive incremental value with real-time, relational access to COBOL data
  
  Acu-XDBC
  Unlock business value with real-time, relational access to ACUCOBOL data
  
  Acu-4GL
  Connect ACUCOBOL applications to relational database management systems
  
  Application Analysis
  
  Application Analysis
  
  COBOL Analyzer
  Automatically understand and analyze Micro Focus COBOL applications
  
  Agile & DevOps
  Build COBOL applications using Agile and DevOps practices
  
  Linux, Cloud & Containers
  Deploy COBOL applications across distributed, containerized or cloud platforms
  
  Application Rehosting
  Modernize core business system infrastructure to support future innovation
- Visual COBOL
- Mainframe
  Mainframe
  
  Modernize IBM mainframe applications, delivery processes, access and infrastructure
  
  Plan & Manage
  
  Plan & Manage
  
  Plan, manage and deliver Enterprise software with compliance and certainty
  
  Atlas
  Manage agile projects using a collaborative, flexible, requirements and delivery platform
  
  Dimensions RM
  Manage requirements with full end-to-end traceability of processes
  
  Analyze
  
  Analyze
  
  Understand, analyze, and extract critical mainframe COBOL application value
  
  Enterprise Analyzer
  Automatically understand and analyze IBM mainframe applications
  
  Enterprise View
  Capture, analyze, and measure the value, cost and risk of application portfolios
  
  Business Rule Manager
  Build packages of change artifacts to speed up mainframe application development
  
  Control
  
  Control
  
  Manage all aspects of change for robust, automated mainframe application delivery
  
  ChangeMan ZMF
  Build and manage packages of change artifacts to speed up mainframe application development
  
  (ChangeMan ZMF) Client Pack
  Provide multiple change management interfaces to maintain mainframe apps
  
  Develop
  
  Develop
  
  Build, modernize, and extend critical IBM mainframe systems
  
  Enterprise Developer
  Build and modernize IBM mainframe COBOL and PL/I applications
  
  Enterprise Sync
  Enable faster, efficient parallel development at scale
  
  Verastream
  Fuel mobile apps, cloud initiatives, process automation, and more
  
  StarTool FDM
  Manage mainframe files for fast problem resolution
  
  Test
  
  Test
  
  Accelerate IBM mainframe application testing cycles with a scalable, low-cost solution
  
  Enterprise Test Server
  Easily test mainframe application changes using flexible infrastructure
  
  Comparex
  Compare and manage mainframe data, text, and directory files
  
  Release
  
  Release
  
  Automate deployments and orchestrate the application release process to join teams
  
  Deployment Automation
  Connect Dev and Ops by automating the deployment pipeline and reduce feedback time
  
  Release Control
  Centralize planning and control for the entire software release lifecycle
  
  Solutions Business Manager
  Orchestrate and integrate processes for faster software development and delivery
  
  ChangeMan SSM
  Detect changes, synchronizes multiple environments, and restores failed systems
  
  Deploy
  
  Deploy
  
  Leverage modern Hybrid IT infrastructure to execute application workload in a fit-for-purpose model
  
  Enterprise Server
  Execute IBM mainframe COBOL and PL/I workload on Windows, Linux and the Cloud
  
  Enterprise Server for .NET
  Execute modernized IBM mainframe workloads under Microsoft .NET and Azure
- Host Connectivity
  Host Connectivity
  
  Modernize host application access: easier to use, easier to integrate, easier to manage, more secure
  
  Access
  
  Access
  
  Modernize application access across desktop, web, and mobile devices
  
  Reflection
  Modernize IBM, HP, and Unix application access across desktop and mobile devices
  
  Host Access for the Cloud
  Web-enable IBM and VT application desktop access, Java free
  
  InfoConnect
  Modernize Unisys mainframe application desktop access
  
  Rumba
  Modernize IBM, HP, and Unix application desktop access
  
  Extra!
  Automate IBM, HP, and Unix application desktop access
  
  Integrate
  
  Integrate
  
  Bring the value of host applications to new digital platforms with no-code/low-code modernization
  
  Host Access for RPA
  Gain access to everything required to successfully integrate the mainframe in your RPA projects
  
  Verastream
  Create new applications and workflows with Web services and APIs for IBM, HP, and UNIX applications
  
  Databridge
  Fuel analytics platforms and BI applications with Unisys MCP DMSII data in real time
  
  Secure
  
  Secure
  
  Respond to new regulatory requirements for host application access and data protection
  
  Host Access Management & Security Server
  Centralize host access management with identity-powered access control and data security
  
  Reflection for Secure IT
  Modernize file transfer with security, encryption and automation, within and across the firewall
  
  Advanced Authentication Connector for z/OS
  Learn how Advanced Authentication Connector for z/OS is a multi-factor authentication for all your IBM z/OS end points
  
  Manage
  
  Manage
  
  Improve governance for host access software and infrastructure
  
  Host Access Analyzer
  Measure and manage terminal-based software deployment and usage
  
  Host Access Management & Security Server
  Centralize host access management with identity-powered access control and data security
- CORBA
  
  CORBA
  
  Attain interoperability of systems across the enterprise
  
  VisiBroker
  Develop and deploy applications with a comprehensive suite of CORBA products
  
  Orbix
  Build distributed applications at enterprise scale
  
  Orbacus
  Develop, deploy, and support CORBA 2.6 compliant middleware in C++ or Java
  
  OpenFusion
  Connect applications on diverse operating environments
Team Collaboration & Endpoint Management
Team Collaboration & Endpoint Management
- Collaboration
  
  Collaboration
  
  Build a productive, mobile workforce.
  
  Enterprise Messaging
  Email, IM, chat-based teamwork, anti-virus, anti-spam, disaster recovery, and more
  
  Filr
  Provides secure file access and sharing from any device
  
  GroupWise
  Provides secure email, calendaring, and task management for today's mobile world
  
  GroupWise Disaster Recovery
  Backup and disaster recovery solution that ensures critical email is always available
  
  Open Workgroup Suite
  Seven essential tools to build IT infrastructures, including secure file sharing
  
  Vibe
  Provides secure team collaboration with document management and workflow features
  
  Secure Messaging Gateway (GWAVA)
  Protect your network and messaging system from malware, viruses, and harmful content
- File and Print
  
  File and Print
  
  Delivering critical file, storage and print services to enterprises of all sizes
  
  Access Manager
  Provides single sign-on for enterprises and federation for cloud applications
  
  Advanced Authentication
  Protect your sensitive information more securely with multi-factor authentication
  
  File Management Suite for OES
  File Reporter and Storage Manager solution suite bundle
  
  File Reporter for OES
  File Reporter for OES examines OES network file systems and delivers intelligent file insights so you can make the most intelligent business decisions.
  
  Filr
  Provides secure file access and sharing from any device
  
  OES Business Continuity Clustering
  Protects your key business systems against downtime and disaster
  
  OES Cluster Services
  Simplifies resource management on a Storage Area Network and increases availability
  
  Open Enterprise Server
  File, print, and storage services perfect for mixed IT environments
- Unified Endpoint Management and Protection (UEMP)
  
  Unified Endpoint Management and Protection (UEMP)
  
  Unify traditional and mobile device management to reduce costs, improve productivity and protect the organization.
  
  Endpoint Backup
  Policy-based backup and ransomware protection for your endpoint devices
  
  Desktop Containers and Application Streaming
  Application containerization & application streaming improves organizational remote work & remote learning
  
  Software Asset Management
  Track software deployments and usage, maintain license compliance, understand costs & monitor contracts.
  
  Endpoint Device Management
  Manage your mobile and traditional endpoint devices anywhere, with Unified Endpoint Management
  
  Endpoint Security Management
  Secure your Windows devices with policy-based device controls.
  
  Full Disk Encryption
  Protect data on your Windows desktops and laptops by encrypting fixed disks.
  
  Endpoint Software Patch Management
  Identify missing software patches and applicable CVEs, automate patch delivery with policies.
  
  Service Desk
  Fast and easy ITIL-based service desk solution, integrated with Unified Endpoint Management.
  
  ZENworks Suite
  ZENworks Suite helps you easily track, manage, and protect your endpoint devices.
Information Management & Governance
Information Management & Governance

Trusted, proven legal, compliance and privacy solutions
- Compliance Archiving
  Compliance Archiving
  
  Cloud regulatory compliance, data surveillance, contextual search, eDiscovery, data analytics, AI and ML.
  
  Compliance Archiving - Enterprise
  
  Compliance Archiving - Enterprise
  
  Ingest, enrich, archive and analyze business communications for eDiscovery, data governance and supervision.
  
  Compliance Archiving Supervision and Surveillance
  Reduce false positives, ensure audit controls, achieve regulatory compliance and save review time.
  
  Social Collaboration
  Streamline compliance with Digital Safe multichannel archiving and supervision
  
  Social Media Governance
  Monitor the breadth of business communications for ediscovery, data governance and regulatory compliance.
  
  Compliance Archiving Reporting and Insights
  Cloud-native, social collaboration-optimized reporting and interactive visual dashboards.
  
  End User Mail Search and Access
  End-users can simply access, search, review and print or download any of their own archived materials.
  
  eDiscovery
  Manage electronic discovery from ingestion through review – one tool – one technology.
  
  Managed Services
  Simplify and optimize compliance through expert-led Managed Cloud Services and Archiving Consulting Services.
  
  Compliance Archiving - Mid-Market
  
  Compliance Archiving - Mid-Market
  
  Ingest, enrich, archive and supervise business communications for regulatory compliance.
  
  Compliance Archiving Supervision and Surveillance
  Reduce false positives, ensure audit controls, achieve regulatory compliance and save review time.
  
  Social Collaboration
  Streamline compliance with Digital Safe multichannel archiving and supervision
  
  Social Media Governance
  Monitor the breadth of business communications for ediscovery, data governance and regulatory compliance.
  
  Compliance Archiving Reporting and Insights
  Cloud-native, social collaboration-optimized reporting and interactive visual dashboards.
  
  End User Mail Search and Access
  End-users can simply access, search, review and print or download any of their own archived materials.
  
  eDiscovery
  Manage electronic discovery from ingestion through review – one tool – one technology.
  
  Managed Services
  Simplify and optimize compliance through expert-led Managed Cloud Services and Archiving Consulting Services.
  
  Unified Archiving for SMB
  
  Unified Archiving for SMB
  
  Archive your organization’s email, social media, and mobile device data
  
  Retain Email Archiving
  Archive email to stay compliant and in control with a central data archive.
  
  Retain Mobile Archiving
  Stay compliant with text message archiving of iOS, Android, and BlackBerry devices for your organization.
  
  Artificial Intelligence and Analytics
  AI Unstructured data analytics for text, audio, video and image data
- Secure Content Management
  
  Secure Content Management
  
  Securely meet regulatory, privacy, and jurisdictional retention requirements
  
  Content Manager
  Helping organizations meet data privacy regulatory guidelines through the management & disposition of data.
  
  File Dynamics
  Address the ever-changing needs of network data management
  
  ControlPoint
  File analysis to discover, classify and automate policy on unstructured data
  
  File Reporter
  Discover what is being stored and who has access
  
  Structured Data Manager
  Structured data archiving to retire outdated applications and reduce data footprint
  
  File Governance Suite
  Identity-driven governance of data & access
  
  Data Discovery
  SaaS-based file analysis on all of your unstructured data
- eDiscovery
  
  eDiscovery
  
  Identify, lock down, analyze, and prepare data for litigation and investigations
  
  eDiscovery
  Respond to litigation and investigations quickly, accurately, & cost-effectively
- Search & Analytics
  
  Search & Analytics
  
  Deliver information faster organization-wide with cognitive search and analytics
  
  IDOL
  Securely access and analyze enterprise (and public) text, audio & video data
- Data Backup and Restore
  
  Data Backup and Restore
  
  Secure backup and rapid restores for all structured and unstructured data to ensure business continuity
  
  Data Protector
  Backup and disaster recovery for diverse, dynamic, and distributed enterprise
- AI Powered Unstructured Data Analytics Platform
  
  AI Powered Unstructured Data Analytics Platform
  
  IDOL is an unstructured data analytics platform for extracting maximum value from all text, audio, video, and image data.
  
  Data Access and Connectors
  IDOL connects to more data sources than anyone else.
  
  Text analytics
  AI and NLP Based Intelligent Text Analysis in real time
  
  Image analytics
  AI and ML Image Classification and Analysis in real time
  
  Video analytics
  AI and ML Video Classification and Analysis in real time
  
  Audio analytics
  AI and ML Audio Classification, Analysis, and Speech to Text
  
  Surveillance analytics
  Realtime video, image, and audio data Survailace Analytics
  
  Cognitive search
  Natural Language Porcessing pinpoints the data you need with simplified AI analytics and analysis
  
  Semantic Search
  Percise semantic answers to natural language search questions
  
  Insight engine
  AI Based Intelligent search engine tools to extract deep insights from all of your data
  
  Natural Language Question Answering & Chatbot
  Communicate and engage customers using AI and ML to deliver a human dialogue chatbot.
  
  KeyView File Format Detection
  File format detection, content decryption, text extraction, subfile processing non-native rendering, and structured export
- Unstructured data analytics solutions
  
  Unstructured data analytics solutions
  
  Artificial Intelligence and Natural Language processing combine to extract text analytics insights from written or spoken language.
  
  Safe city
  Close city transportation security gaps to mitigate risk using AI and Machine Learning.
  
  Open Source Intelligence
  Identify global trends, sentiment, key word mentions, and run AI-powered open source intelligence (OSINT) analysis.
  
  Law enforcement Media analysis
  Digital forensics for organizations processing video and image evidence who need to identify, extract facts during an investigation
  
  Digital Assistant Chatbot
  Automated human-like digital assistant which can engage in natural language dialogues.
  
  Brand & Reputation Protection
  AI-powered Brand reputation monitoring and Protection
- For OEMs
  OEM SDKs unstructured data analytics to developers, reducing risk, time to market, development costs, and maintenance
IT Operations Management

IT Operations Management

Simplify Your IT Transformation

Service Management Automation X
Engaging end-user experience and efficient service desk based on machine learning

Operations Bridge
AIOps for Cloud Monitoring - Automated event and performance monitoring for multi-cloud and on-premises environments

Network Operations Management
Automate and manage traditional, virtual, and software-defined networks

Universal Discovery & UCMDB
Discover and manage configuration items (CIs) in Hybrid IT environments

Hybrid Cloud Management X
Simplify fulfillment automation and enforce governance

Operations Orchestration
Automate and orchestrate end-to-end processes with refreshing ease and superior control

Asset Management X
Manage IT assets for improved costs

Data Center Automation
Automate provisioning, patching, and compliance across the data center

Robotic Process Automation
Build, secure, and scale automated business processes across the enterprise

View All Products
Access a list of all products in IT Operations Management
Security
Security

Security at the core to everything you do; Operations, Applications, Identity and Data
- Security Operations
  
  Security Operations
  
  Detect known and unknown threats through correlation, data ingestion and analytics
  
  ArcSight Enterprise Security Manager (ESM)
  A comprehensive threat detection, analysis, and compliance management SIEM solution
  
  ArcSight Recon
  An intelligent log management solution that eases compliance burdens and accelerates forensic investigation for security professionals
  
  ArcSight Logger
  A comprehensive log management solution for easier compliance, efficient log search, and secure cost-effective storage.
  
  ArcSight Marketplace
  Download and deploy pre-packaged content to dramatically save time and management
  
  Security Open Data Platform
  A future-ready data platform that transforms data chaos into security insight.
  
  ArcSight Intelligence
  User and entity behavioral analytics that augments existing security tools and empowers security operations teams to identify and respond to the threats that matter before data is stolen
  
  Sentinel
  A fully-featured, adaptable solution that simplifies the day-to-day use of SIEM
  
  ArcSight SOAR
  A comprehensive Security Orchestration Automation Response platform with cognitive automation, investigation service desk, process orchestration and SOC analytics.
- Data Privacy and Protection
  
  Data Privacy and Protection
  
  Encryption, tokenization and key management for data de-identification and privacy
  
  Data Discovery
  SaaS-based file analysis on all of your unstructured data
  
  Data Management
  Identify, analyze, and manage your data; then establish policies to protect your data properly and efficiently, in use and throughout its lifecycle, and ensure data preservation.
  
  Voltage SmartCipher
  Persistent file encryption, complete control, and visibility to simplify unstructured data security
  
  Voltage SecureData Enterprise
  Format-preserving encryption, tokenization, data masking, and key management
  
  Voltage SecureData for Payments
  Omni-channel PCI compliance and data protection for end-to-end payments security
  
  Voltage SecureMail On-Premises
  Email, file, and Office 365 protection for PII, PHI, and Intellectual Property
  
  Voltage SecureMail Cloud
  Saas cloud email encryption to protect information on Office 365
- Application Security
  
  Application Security
  
  Secure development, security testing, and continuous monitoring and protection
  
  Fortify Static Code Analyzer
  Identifies security vulnerabilities in source code early in software development
  
  Fortify WebInspect
  Provides comprehensive dynamic analysis of complex web applications and services
  
  Fortify Software Security Center
  Gain valuable insight with a centralized management repository for scan results
  
  Fortify on Demand
  Manage your entire application security program from one interface
- Identity & Access Management
  Identity & Access Management
  
  An integrated approach to Identity and Access Management
  
  Identity Governance & Administration
  
  Identity Governance & Administration
  
  A comprehensive identity management and governance solution that spans across the infrastructure
  
  Data Access Governance
  Provisions and governs access to unstructured data
  
  NetIQ eDirectory
  Provides an LDAP directory with incredible scalability and an agile platform
  
  NetIQ Identity Governance
  Provides automated user access review and recertification to remain compliant
  
  NetIQ Identity Manager
  Delivers an intelligent identity management framework to service your enterprise
  
  Access Management
  
  Access Management
  
  Consistently enforce access rights across your business environment
  
  NetIQ Access Manager
  Provides single sign-on for enterprises and federation for cloud applications
  
  NetIQ Advanced Authentication
  Move beyond username and passwords and securely protect data and applications
  
  Advanced Authentication Connector for z/OS
  Multi-factor Authentication for all your IBM z/OS end points
  
  Host Access Management & Security Server
  Integrate the host with your modern security framework
  
  NetIQ Risk Service
  Adapt the authentication and access experience to the risk at hand.
  
  Self Service Password Reset
  Enables users to reset their passwords without the help of IT
  
  NetIQ SecureLogin
  Streamlines authentication for enterprise apps with a single login experience
  
  NetIQ Secure API Manager
  Protect and manage access to your APIs.
  
  Privilege Management
  
  Privilege Management
  
  Manage and control privileged account activities for all credential-based systems
  
  NetIQ Privileged Account Manager
  Enables IT administrators to work on systems without exposing credentials
  
  NetIQ Directory & Resource Administrator
  Limits administrative privileges and restricts directory views to specific users
  
  NetIQ Group Policy Administrator
  Edit, test and review Group Policy Object changes before implementation
  
  NetIQ Change Guardian
  Protect critical data, reduce risk and manage change with Change Guardian
  
  NetIQ AD Bridge
  Extend the power of Active Directory to Linux resources
  
  Universal Policy Administrator
  Unify and centrally manage policies across multiple platforms.
  
  Delegated Administration
  
  Delegated Administration
  
  Deliver actionable and timely security intelligence
  
  NetIQ Change Guardian
  Protect critical data, reduce risk and manage change with Change Guardian
  
  NetIQ Secure Configuration Manager
  Finds and repairs configuration errors that lead to security breaches or downtime
  
  NetIQ Security Solutions for IBM i
  Provides easy compliance auditing and real-time protection for IBM iSeries systems

Application security is the discipline of processes, tools and practices aiming to protect applications from threats throughout the entire application lifecycle. Cyber criminals are organized, specialized, and motivated to find and exploit vulnerabilities in enterprise applications to steal data, intellectual property, and sensitive information. Application security can help organizations protect all kinds of applications (such as legacy, desktop, web, mobile, micro services) used by internal and external stakeholders including customers, business partners and employees.

Why Application Security?

As validated by multiple studies, the majority of successful breaches target exploitable vulnerabilities residing in the application layer, indicating the need for enterprise IT departments to be extra vigilant about application security. To further compound the problem, the number and complexity of applications is growing. Ten years ago, the software security challenge was about protecting desktop applications and static websites that were fairly innocuous and easy to scope and protect. Now, the software supply chain is much more complicated considering the outsourced development, the number of legacy applications, coupled with in-house development that takes advantage of 3rd party, open source and commercial, off-the-shelf software components.

Organizations need application security solutions that cover all of their applications, from those used internally to popular external apps used on customers’ mobile phones. These solutions must cover the entire development stage and offer testing after an application is put into use to monitor for potential problems. Application security solutions must be capable of testing web applications for potential and exploitable vulnerabilities, have the ability to analyze code, help manage the security and development management processes by coordinating efforts and enabling collaboration between the various stakeholders. Solutions also must offer application security testing that is easy to use and deploy.

What is SAST and DAST?

What is SAST?

Static Application Security Testing (SAST) scans the application source files, accurately identifies the root cause and helps remediate the underlying security flaws.

Developer Benefits of Static Application Security Testing:

Identify and eliminate vulnerabilities in source, binary, or byte code
Review static analysis scan results in real-time with access to recommendations, line-of-code navigation to find vulnerabilities faster and collaborative auditing.
Fully integrated with the Integrated Developer Environment (IDE)

What is DAST?

Dynamic Application Security Testing (DAST) simulates controlled attacks on a running web application or service to identify exploitable vulnerabilities in a running environment.

Benefits of Dynamic Application Security Testing:

Provides a comprehensive view of application security by focusing on what’s exploitable and covering all components (server, custom code, open source, services)
Can be integrated into Dev, QA and Production to offer a continuous holistic view
Dynamic analysis enables a broader approach to manage portfolio risk (1000s of applications) and may scan legacy apps as part of risk management
Tests functional app, so unlike SAST, is not language constrained and runtime and environment-related issues can be discovered

On-Premise vs SaaS Solutions

Application security solutions consist of the cybersecurity software (the tools) and the practices that run the process to secure applications.

On-Premise

Application security testing solutions can be run on-premise (in-house), operated and maintained by in-house teams. This approach requires organizations to provide the infrastructure, the personnel and acquire application security solutions for their usage. On-premise assures organizations that their application data is not shared with third parties and does not leave the premises.

SaaS

Application security can also be a SaaS (or application security as a service) offering where the customer consumes services provided as a turnkey solution by the application security provider. This approach doesn’t require any of the prerequisites of the on-premise approach but it does require relying partially or completely on the SaaS vendor and in most cases, allow the application data to be shared with the vendor. SaaS provides an easy way to get started on application security and can offer scalability and speed. Hybrid implementations (using on-premise and SaaS together in different projects and practices) aim to provide the best of both worlds by providing flexibility, scalability and cost optimization.

Speed vs Accuracy

Today, every business is a software business. As a result, there has been tremendous growth in the number of web and mobile applications and increasing frequency of application releases. In order to keep up with the business demands, many organizations perform lighter weight security scans, which sacrifice the accuracy needed to detect crucial vulnerabilities. Agility in security is a balance between performing thorough, accurate scans and the associated false positives that can paralyze remediation.

What is the OWASP Top 10

OWASP Top 10

The Open Web Application Security Project (OWASP) is an open source application security community with the goal to improve the security of software. Its industry standard OWASP Top 10 guidelines provide a list of the most critical application security risks to help developers better secure the applications they design and deploy. Find overviews and practical tips for each of the Top 10 in A Developer’s Guide to the OWASP Top 10.

Application Security Solutions

Micro Focus Application Security solutions offer application security testing and management on-premise and as-a-service that can help companies secure their software applications including legacy, mobile, third-party, and open-source applications.

The Micro Focus Fortify offerings included static, dynamic, interactive application security testing, and runtime application self-protection, as well as services to support a Software Security Assurance program, which are processes to ensure that the applications that run your business are protected and secure.

The solutions include:

Fortify Static Code Analyzer - Static Application Security Testing (SAST) - Identifies and pinpoints security vulnerabilities in source code early in the software development lifecycle.

Fortify WebInspect - Dynamic application security testing (DAST) – Simulates real-world security attacks on a running application to provide comprehensive analysis of complex web applications and services.

Interactive application security testing (IAST) – Integration of our dynamic testing and runtime analysis to identify more vulnerabilities by expanding coverage of the attack surface and exposing exploits better than dynamic testing alone.

Fortify Application Defender - Runtime application self-protection (RASP) – Actively monitors and protects applications in production that have known and unknown vulnerabilities.

Fortify on Demand – Security as a Service - A simple, easy and quick way to accurately test applications without having to install or manage software, or add additional resources.

Mobile Security – Mobile testing methodology that tests all three tiers including the client, network and server.

Software Security Assurance – Centralized management repository provides visibility that helps resolve security vulnerabilities.

Fortify Software Security Center - Centralized management repository providing visibility to the entire application security testing program. It prioritizes, manages and track security testing activities and provides an accurate picture of software security risk across your enterprise.