
Copyright -  Suzhou Wax Information Technology Co., Ltd.  |  Copyright - 2018 All Rights Reserved.  


Suzhou Sinocax Information Technology Co., Ltd. is engaged in a high-tech software technology company, the company's business scope includes: 1, providing big data storage, analysis, mining solutions and services and implementation...

Solutions

Static Software Source Code Security Test Solution - Fortify SCA

Solution Overview

Fortify SCA is a static, white-box software source code security testing tool. It uses five built-in analysis engines to statically analyze the source code of application software, scans the source code for security vulnerabilities, and produces a report. The scan results include not only detailed information on the security vulnerabilities, but also explanations of the related security knowledge and advice on how to fix them.

Features

Fortify SCA consists of five major analysis engines:

Data Flow Engine: Tracks, records, and analyzes security issues arising from the transfer of data through the program.

Semantic Engine: Analyzes unsafe functions in programs and the safe use of methods.

Structural Engine: Analyzes the program context and security issues in its structure.

Control Flow Engine: Analyzes security issues in executing operations at specific times and in specific states.

Configuration Engine: Analyzes sensitive information in project configuration files and security issues caused by missing configuration.

Unique X-Tier™ Tracker: Jumps across the tiers of the project to analyze problems that span procedures;

The largest rule package: currently the industry's largest and most complete rules package;

Supports the most languages, with cross-tier, cross-language analysis of vulnerabilities in code: C, C++, .NET, Java, JSP, PL/SQL, T-SQL, XML, CFML, VBScript;

Accurately locates the full path along which a vulnerability arises, and can display it graphically to facilitate auditing;

Supports the most platforms, running on virtually all of them: Windows, Solaris, Red Hat Linux, Mac OS X, HP-UX, IBM AIX;

IDE support: VS, Eclipse, RAD, WSAD.

User benefits

Discover the root cause of security holes in static code (static analysis) and running applications (dynamic analysis)

Discovers over 480 vulnerabilities, supporting 19 languages and more than 680,000 APIs

Fix the most important security issues more quickly through collaboration

Control existing vulnerabilities in deployed software so they are not harmful

Control software security process

Prevent risks by leveraging the industry-leading team dedicated to continuous research on application security

Ensures compliance with government and industry standards and internal policies, such as the Payment Card Industry Data Security Standard (PCI DSS), Federal Information Security Management Act (FISMA), Sarbanes-Oxley Act, Health Insurance Portability and Accountability Act (HIPAA), North American Electric Reliability Corporation (NERC) standards and the like.

Success cases

China Customs

Beijing Information Security Assessment Center

National Information Technology Security Research Center

China Construction Bank

China UnionPay

China Postal Savings Bank

Pudong Development Bank

China Minsheng Bank

Bank of Beijing

China safe

CITIC Bank

Shanghai Bank

Amway Group

ChinaHR

State Grid

Hainan Airlines