Fortify Software


Fortify Software Identifies and Protects Customers against Latest Application Security Vulnerabilities

Fortify Secure Coding Rulepack Provides Support for Popular Web Technologies, Cross-Site Request Forgery Vulnerabilities and C++ Smart Pointers

SAN MATEO, Calif., April 21, 2008 - Fortify® Software, the market leader in enterprise application security solutions, today announced that the Fortify Security Research Group has released its latest quarterly Fortify Secure Coding Rulepacks. The Q1 release includes support for popular Web technologies including Java Server Faces (JSF), auditing tools to detect Cross-Site Request Forgery (CSRF) vulnerabilities, and C++ smart pointers, including Boost and C++ auto_ptr libraries.

"As new threats and vulnerabilities continuously emerge, our dedicated researchers strive to stay ahead of the game by providing these vital updates to our valued customers," said Jacob West, Manager of Fortify's Security Research Group.  "We strongly encourage our customers to utilize these latest available rulepacks to maintain the highest level of security assurance possible while enhancing their existing source code analysis functionality."

As part of the Q1 update, the following new features and capabilities are now available:

  • Support for popular Web technologies, including Java Server Faces, Struts 2, Google Web Toolkit (GWT), Direct Web Remoting (DWR), Microsoft Anti-Cross Site Scripting Library, Java Persistence API (JPA) and Sun JDK 6.
  • Support for Cross-Site Request Forgery (CSRF), which helps auditors identify CSRF vulnerabilities and provides an "auditor checklist" of forms submitted from client-side HTML.
  • Support for C++ smart pointers, including the Boost library and the standard auto_ptr. Specifically, this enables Fortify to track data through Boost smart pointer and auto_ptr variables, reducing false positives caused when smart pointer variables are not freed manually, and enforcing best practices related to the use of smart pointers.

Already available to existing customers and included in each new purchase, Fortify Secure Coding Rulepacks represent the cutting edge in security vulnerability assessment. Update requests made to update.fortifysoftware.com from Fortify Manager, Fortify SCA and Fortify IDE plug-ins will download the updated rulepacks.

The integration of these new rules was conducted by Fortify's Security Research Group, a team of software security experts that focuses entirely on identifying new threats and developing ways to protect against them. Thanks to these efforts, Fortify continues to lead the industry in identifying threats and developing solutions to address them.  A full listing of security vulnerability categories can be viewed at http://www.fortifysoftware.com/vulncat/.

About Fortify Software, Inc.

Fortify®'s Business Software Assurance products and services protect companies from the threats posed by security flaws in business-critical software applications. Its software security suite - Fortify 360 - drives down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software's customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world-class teams of software security experts and partners. More information is available at www.fortify.com.

Press Contact

Katherine Nellums
Merritt Group
415-247-1663 Nellums@merrittgrp.com
