The media has been flooded with the news that HP intends to acquire Fortify Software, a leading source-code analysis vendor. This will definitely change the game in some way. A lot of potential could come out of the combined gravity. A lot has changed in web application security.
Historically, HP has built tools that have increased the workload that automation could handle. The tools were simple and crude at first: there were auditing widgets, crawlers, and basic reporting. Such tools were meant for a penetration tester with wide knowledge of web application development, as well as attack and hacking methodologies. Therefore, these tools were not enterprise-friendly, not user-friendly, and lacked a concept.
Playing Catch Up
Notably, security cannot be successful within a silo. Businesses should not focus on one process or test to see where security happens. By acquiring Fortify, HP will be offering a total solution of services, processes, and people that will be exciting. For businesses to be successful in securing their applications, they have to merge security into the total application delivery cycle. Security has failed for the last decade as a silo organization. Organizations should now join QA and Dev in acknowledging that security is a sub-component of software quality.
While SaaS services can be good, they will not help people write smarter and less defective web applications. The solution is to bring the expertise, the process, and the tools in-house, while keeping expert support close at hand.
The HP project will change the whole process from finding security vulnerabilities to, in effect, minimizing an organization's IT risk from contact with various web-based applications. It does not matter whether it is on your desktop, in the cloud, or as a service. What matters most is what will best suit your situation. Combining HP's performance testing, quality testing, and security testing solutions, and adding another player like Fortify to the field, will be ground-shaking. The move will command the attention of the industry. It will be amazing and will secure a place in the future of web application security.