What Is Application Security?

Application security is the protection of applications from external threats throughout their lifecycle. Cyber criminals are organized, specialized, and motivated to find and exploit vulnerabilities in enterprise applications to steal data, intellectual property, and sensitive employee or customer information. More than 80 percent of successful breaches target vulnerabilities in the application layer, indicating the need for enterprise IT departments to be vigilant about application security. Application security can protect backend web applications used by employees as well as the mobile apps used by customers.

Why Application Security Solutions?

Companies need application security solutions that cover all of their applications, from those used in-house by employees to popular items used on customers’ mobile phones. These solutions must cover the entire development stage and offer testing after an application is put into use to monitor for potential problems. Application security solutions must be capable of testing web applications for exploitable vulnerabilities, have the ability to analyze code, help manage the security and development management processes by coordinating efforts and enabling collaboration between the various stakeholders, and must offer application security testing that is easy to use and deploy.

Application Security Solutions

Micro Focus Application Security solutions offer application security testing and management on-premises and on-demand that can help companies secure their software applications including legacy, mobile, third-party, and open-source applications.

The Micro Focus Security Fortify offerings include static, dynamic, and interactive application security testing, and runtime application self-protection, as well as services to support a Software Security Assurance program, a set of processes to ensure that the applications that run your business are protected and secure. The solutions include:

  • Fortify Static Code Analyzer - Static Application Security Testing (SAST) - Identifies and pinpoints security vulnerabilities in source code early in the software development lifecycle.
  • Fortify WebInspect - Dynamic application security testing (DAST) – Simulates real-world security attacks on a running application to provide comprehensive analysis of complex web applications and services.
  • Interactive application security testing (IAST) – Integration of our dynamic testing and runtime analysis to identify more vulnerabilities by expanding coverage of the attack surface and exposing exploits better than dynamic testing alone.
  • Fortify Application Defender - Runtime application self-protection (RASP) – Actively monitors and protects applications in production that have known and unknown vulnerabilities.
  • Fortify DevInspect - Brings application security closer to developers to help them identify and remediate security vulnerabilities while they are coding, in real time within their development environments (IDEs).
  • Fortify on Demand – Security as a Service - A simple, easy and quick way to accurately test applications without having to install or manage software, or add additional resources.
  • Mobile Security – Mobile testing methodology that tests all three tiers including the client, network and server.
  • Software Security Assurance – Centralized management repository provides visibility that helps resolve security vulnerabilities.
  • Fortify Software Security Center - Centralized management repository providing visibility to the entire application security testing program. It prioritizes, manages and tracks security testing activities and provides an accurate picture of software security risk across your enterprise.
