More than 70 percent of agency breaches are due to software vulnerabilities. When vulnerabilities are found in software, hackers and other malicious actors have the ability to infiltrate an agency's network and access sensitive information regardless of where it resides. HP Fortify on Demand addresses this by enabling agencies to continuously monitor deployed software to mitigate risk and identify critical vulnerabilities undermining their security posture.
"As the soft underbelly of an agency's network, software can impose serious threats to an agency's security if vulnerabilities are not proactively identified and addressed", stated Rob Roy, chief technology officer, U.S. Public Sector, Enterprise Security Products, HP. "Organisations can no longer afford to simply respond to breaches as they arise, and as the only solution of its kind available with FedRAMP certification, HP Fortify on Demand quickly addresses the root cause of vulnerabilities by securing software from conception through the entire development lifecycle."
HP Fortify on Demand is now provisionally authorized for government agency use to perform security assessments of application code, web site and web services testing, and end-to-end mobile application security testing. Static scanning of code written in Java, .NET, and other major programming languages for security defects is performed in the system at the code layer, followed by an audit review by an HP static auditor. Dynamic web site and web services testing combines HP WebInspect software with manual penetration testing, followed by a review from an HP dynamic tester.
In total, HP Fortify on Demand offers accurate and affordable security assessments of more than 600 vulnerability categories and services, regardless of where the application resides and without any software to install or manage.
By deploying HP Fortify on Demand on top of HP's FedRAMP-authorized Infrastructure-as-a-Service (IaaS), HP Helion Managed Virtual Private Cloud for Public Sector (US), agencies are able to leverage fast, accurate, on-demand security assessments of application code that save both time and money.