Fortify on Demand

Fortify on Demand dynamic assessments

Dynamic assessments, powered by WebInspect, mimic real-world hacking techniques and attacks. It uses automated, interactive, and manual techniques to provide comprehensive analysis of complex web applications and services.

Eye
Real-world hacking

Mimic real-world hacking techniques and attacks on targeted applications.

Expand
Comprehensive security analysis
Provide comprehensive security analysis of complex web applications and web services.
Detect exploitable vulnerabilities
Crawl the entire attack surface to find exploitable vulnerabilities.
Thin Bld
Test internal applications
Can test internal applications through Site to Site VPN or whitelisting Fortify on Demand’s official data center IP addresses.

Dynamic application security software

WebInspect is the cornerstone of Fortify on Demand DAST and is the industry-leading dynamic web application security assessment solution.

Our dedicated application security experts manually analyze scan results

Some of the tasks performed by the Fortify on Demand testing team include:

  • Development of authentication macros if needed
  • Validation of scan coverage
  • Removal of false positives
Our dedicated application security experts manually analyze scan results
Fortify on Demand includes an active IAST option for:
  • Improved coverage (all major components of the attack surface are tested)
  • Greater accuracy (Fewer false positives are generated)
  • Faster remediation (Full stack trace provided for each issue identified)

Dynamic vs Dynamic+

Dynamic Assessment Dynamic+ Assessment 
Application Type Website Website or Web Service
WebInspect DAST Yes Yes
Authentication Yes Yes
Security expert review (including false positive removal) Yes Yes
Continuous Application Monitoring (subscriptions only) Yes Yes
Active IAST Optional Optional
Manual vulnerability testing No Yes

Dynamic Assessment

Dynamic+ Assessment 

Application Type

Website

Website or Web Service

WebInspect DAST

Yes

Yes

Authentication

Yes

Yes

Security expert review (including false positive removal)

Yes

Yes

Continuous Application Monitoring (subscriptions only)

Yes

Yes

Active IAST

Optional

Optional

Manual vulnerability testing

No

Yes

Dynamic Assessment

Dynamic+ Assessment 

Application Type

Website

Website or Web Service

WebInspect DAST

Yes

Yes

Authentication

Yes

Yes

Security expert review (including false positive removal)

Yes

Yes

Continuous Application Monitoring (subscriptions only)

Yes

Yes

Active IAST

Optional

Optional

Manual vulnerability testing

No

Yes

release-rel-2019-7-1-2248 | Wed Jul 10 03:59:45 PDT 2019
2248
release/rel-2019-7-1-2248
Wed Jul 10 03:59:45 PDT 2019