Fortify

Digital Supply Chain attacks are increasing as per Gartner. What percentage of customers are anticipated to be impacted by supply chain attacks by 2025 ?

40%

Customers continue to swing away from Shift everywhere.

False

Developers perceive security as ...?

Friction

Software Security Center (SSC)

Holistic application security platform included with on-prem or hosted solutions to centralize the visibility of application security risks

IAST is not preferred by customers because....

IAST needs an agent to be installed on the web application server

Audit Assistant

Machine Learning

Which Fortify tool has a plugin for Integrated development environments (IDEs)?

SAST

Fortify Hosted

SaaS-based offering deployed in the cloud with managed infrastructure deployment and support

Static Code Analyzer

Scanning with rule packs

Software Composition Analysis (SCA)

Scans open -source components for vulnerabilities, either using debricked (SaaS) or through our partnership w/ Sonatype (On-premises)

Security Assistant

Spellcheck for developers

Dynamic Application Security Testing (DAST)

The process of testing an application or software product in an operating state

DAST solution involves simulating attacks on web applications within Quality Assurance environments. True or False ?

True

Development tools integration ecosystem plays a key role in the success of Fortify Adoption. True or False

True

What is the main reason for Software supply chain attacks?

a. Incorrect shipping method b. Using proprietary software c. Open Source vulnerability (answers) d. Non payment to supply chain vendor

When customers undertake cloud transformation initiatives, from an Application security trend standpoint they are most concerned around?

b. How to test API Security c. How to protect Cloud Native Applications

Attackers exploit these to get access to enterprise IT assets and applications.

c. Open-source vulnerabilities d. Vulnerabilities that get inherited from reuse of code

Mobile Application Security Testing (MAST)

testing a mobile app in ways that a malicious user would try to attack it.

Static Application Security Testing (SAST)

A set of technologies designed to analyze application source code, byte code and binaries for coding and design conditions that are indicative of security vulnerabilities

Webinspect

Analyzes applications in their running state and simulates attacks to find vulnerabilities to enable Dynamic Application Security Testing (DAST)

Static Code Analyzer

Analyzes source code for security vulnerabilities to enable Static Application Security Testing (SAST)

Fortify on Demand (FOD)

AppSec as a managed service that includes SAST, DAST, and MAST capabilities and managed by CyberRes security analysts

Audit Workbench

Categorize Vulnerabilities

Scan Central leverages a Kubernetes Cluster which has a controller and worker node setup to orchestrate SAST and DAST scans. True or False?

True

Speed Dial within SAST allows developers to balance Speed vs Depth. True or False ?

True

What do you mean by Software supply chain attacks ?

a. Attacks during software delivery b. Attacks during software procurement c. Attacks during production or consumption of Software d. All of the above (answers)

Fortify have significant capabilities to help mature which of the following customer efforts around Application security?

a. DevSecOps b. Cloud Transformation c. Software Supply Chain