Fortify Software, the provider of security products that help companies identify, manage, and remediate software vulnerabilities, has announced the introduction of Fortify Tracer.
Fortify Tracer provides code-level information so that black box security testers can: Measure in a consistent way the percentage of security-critical points actually reached by black box security tests; Speed remediation of identified vulnerabilities; Discover additional runtime vulnerabilities that black box security testing tools cannot find.
“While black box security testing is important for analyzing the security of deployed applications, its scope is limited by the fact that the testing resides outside of the application,” said Barmak Meftah, VP of Products & Services, Fortify Software. “Our research and early product feedback demonstrates the importance of knowing how many of a web application’s security-critical points are covered during a test. In addition to providing this important metric, Fortify Tracer helps security professionals improve the effectiveness of their black box security tests and fix security flaws faster.”
By providing code level information, Fortify Tracer helps security professionals adjust their black box testing efforts to cover more of the application and identify additional vulnerabilities. Fortify Tracer can be used in conjunction with any manual or automated security testing procedure, providing consistency and repeatability among independent application security tests.
Fortify Tracer provides reports on coverage percentages and code-level details about runtime security errors discovered during automated and manual application penetration tests. Its patent-pending Call Site Monitor™ technology tracks security-critical APIs, such as database and file system, within the web application itself, and detects runtime vulnerabilities that are not visible through an application’s web interface.
Fortify Tracer is available today.