Fortify Extends On-The-Fly Web App Protection To .Net - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Fortify Extends On-The-Fly Web App Protection To .Net

Fortify Software, which has for the past year offered an on-the-fly approach to securing Java-based Web applications, has extended that coverage to include .Net as well.

As the "month of (insert Web application here) bugs" campaign drags on with MySpace as the latest target, the pressure to bolster the security of Web applications continues to mount. Any company looking to protect itself from these dissections, or from more general attacks, needs to quickly find some way of defending its Web applications, whether those apps were written using the Java or Microsoft .Net platforms. Fortify Software, which has for the past year offered an on-the-fly approach to securing Java-based Web applications, Monday extended that coverage to include .Net as well.

Fortify Defender for .Net takes a Web application's already compiled code and inserts what it calls "guards," or pieces of code that act as a security checkpoint for data coming into an application from the network. These guards check the incoming data against security policies defined by the company running the Web application to determine whether the data can be allowed through or should be blocked because it's looking to perpetrate a SQL injection, cross-site scripting attack, or buffer overflow.

"We take the Java or .Net binary code and inject guards around the application and any APIs associated with that application that could be exploited," says Barmak Meftah, Fortify's VP of products and services. "And we can do that without needing access to the application's source code." Another key feature of Defender, which was known as Fortify Application Defense when it was introduced a year ago, is its ability to continue to protect Web applications, such as corporate Web mail, even if an attacker gets past an identity management system. Defender can be set to expire user sessions and require users to re-authenticate themselves regularly.

Defender is most commonly used when companies aren't able to analyze a Web application's source code, whether for lack of time or access to the code. Defender also provides information about where an attack has originated and the time of day the attacks peak against a particular Web application.

The 554th Electronic Systems Wing, a unit of the Air Force Electronic Systems Center at Hanscom AFB, Mass., is using Defender to help protect and monitor its Java and .Net applications, Fortify said on Monday. The 554th Electronic Systems Wing develops, fields, sustains, and operates worldwide communications, computer, and force protection systems and capabilities for the president, secretary of defense, chairman of the Joint Chiefs of Staff, unified combatant commanders, services, and specified Department of Defense and non-DoD agencies to direct military forces.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
How to Land a Job in Cloud Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  6/19/2019
How to Convince Wary Customers to Share Personal Information
John Edwards, Technology Journalist & Author,  6/17/2019
The Art and Science of Robot Wrangling in the AI Era
Guest Commentary, Guest Commentary,  6/11/2019
White Papers
Register for InformationWeek Newsletters
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
Flash Poll