3/20/2007
11:33 AM

Fortify Extends On-The-Fly Web App Protection To .Net

Fortify Software, which has for the past year offered an on-the-fly approach to securing Java-based Web applications, has extended that coverage to include .Net as well.

As the "month of (insert Web application here) bugs" campaign drags on with MySpace as the latest target, the pressure to bolster the security of Web applications continues to mount. Any company looking to protect itself from these dissections, or from more general attacks, needs to quickly find some way of defending its Web applications, whether those apps were written using the Java or Microsoft .Net platforms. Fortify Software, which has for the past year offered an on-the-fly approach to securing Java-based Web applications, Monday extended that coverage to include .Net as well.

Fortify Defender for .Net takes a Web application's already compiled code and inserts what it calls "guards," or pieces of code that act as security checkpoints for data coming into an application from the network. These guards check the incoming data against security policies defined by the company running the Web application to determine whether the data can be allowed through or should be blocked because it appears to be an attempt at SQL injection, cross-site scripting, or a buffer overflow.

"We take the Java or .Net binary code and inject guards around the application and any APIs associated with that application that could be exploited," says Barmak Meftah, Fortify's VP of products and services. "And we can do that without needing access to the application's source code."

Another key feature of Defender, which was known as Fortify Application Defense when it was introduced a year ago, is its ability to continue to protect Web applications, such as corporate Web mail, even if an attacker gets past an identity management system. Defender can be set to expire user sessions and require users to re-authenticate themselves regularly.

Defender is most commonly used when companies aren't able to analyze a Web application's source code, whether for lack of time or access to the code. Defender also provides information about where an attack has originated and the time of day the attacks peak against a particular Web application.

The 554th Electronic Systems Wing, a unit of the Air Force Electronic Systems Center at Hanscom AFB, Mass., is using Defender to help protect and monitor its Java and .Net applications, Fortify said on Monday. The 554th Electronic Systems Wing develops, fields, sustains, and operates worldwide communications, computer, and force protection systems and capabilities for the president, secretary of defense, chairman of the Joint Chiefs of Staff, unified combatant commanders, services, and specified Department of Defense and non-DoD agencies to direct military forces.
