The media has been flooded with the news that HP intends to acquire Fortify Software, a leading source-code analysis vendor. This will definitely change the game in some way. A lot of potential could come out of the combined gravity of the two companies. A lot has changed in web application security.
Historically, HP has built tools that increased the workload automation could handle. The tools were simple and crude at first: auditing widgets, crawlers, and basic reporting. Such tools relied on a penetration tester with wide knowledge of web application development, as well as of attack and hacking methodologies. As a result, these tools were not enterprise-friendly, not user-friendly, and lacked a clear concept.
Playing Catch Up
Meanwhile, web development technologies were booming, leaving security teams far behind. Security teams failed to keep up with HTML, CSS and JavaScript. The industry then had to deal with development technologies and predictable acquisitions by large software organizations. Until recently, web application security tools lacked the humility and vision that they needed. However, things have changed recently: many players now offer Software as a Service (SaaS) based application security, source-code analysis, consultancies, and platforms for self-guided security testing. Even so, where should companies invest when it comes to web application security?
Notably, security cannot be successful within a silo. Businesses should not focus on one process or test to see where security happens. By acquiring Fortify, HP will be offering a total solution of services, processes, and people that will be exciting. For businesses to be successful in securing their applications, they have to merge security into the total application delivery cycle. Security has failed for the last decade as a silo organization. Organizations should now join QA and Dev in acknowledging that security is a sub-component of software quality.
While SaaS services can be good, they will not help people write smarter, less defective web applications. The solution is to bring the expertise, the process, and the tools in-house, while also having expert support close at hand.
The Future?
The HP project will change the whole process, from finding security vulnerabilities to minimizing the organization's IT risk from contact with various web-based applications. It does not matter whether it is on your desktop, in the cloud or as a service. The most important thing is what will best suit your situation. Combining HP's performance testing, quality testing and security testing solutions, and adding another player like Fortify to the field, will be earth-shaking. The move will command the attention of the industry. It will be amazing, and it will secure a place in the future of web application security.
Author Bio
This post was written by John Lewis, who works at PriceCollate as a writer. You can visit PriceCollate to find and compare various types of shoes at great prices.
