Fortify
According to Gartner, digital supply chain attacks are increasing. What percentage of customers are anticipated to be impacted by supply chain attacks by 2025?
40%
Customers continue to swing away from Shift everywhere.
False
Developers perceive security as...?
Friction
Software Security Center (SSC)
Holistic application security platform included with on-prem or hosted solutions to centralize the visibility of application security risks
IAST is not preferred by customers because...
IAST needs an agent to be installed on the web application server
Audit Assistant
Machine Learning
Which Fortify tool has a plugin for Integrated development environments (IDEs)?
SAST
Fortify Hosted
SaaS-based offering deployed in the cloud with managed infrastructure deployment and support
Static Code Analyzer
Scanning with rule packs
Software Composition Analysis (SCA)
Scans open-source components for vulnerabilities, either using Debricked (SaaS) or through our partnership with Sonatype (on-premises)
Security Assistant
Spellcheck for developers
Dynamic Application Security Testing (DAST)
The process of testing an application or software product in an operating state
A DAST solution involves simulating attacks on web applications within Quality Assurance environments. True or False?
True
The development tools integration ecosystem plays a key role in the success of Fortify adoption. True or False?
True
What is the main reason for software supply chain attacks?
a. Incorrect shipping method b. Using proprietary software c. Open Source vulnerability (answers) d. Non-payment to supply chain vendor
When customers undertake cloud transformation initiatives, what are they most concerned about from an application security trend standpoint?
b. How to test API Security c. How to protect Cloud Native Applications
Attackers exploit these to get access to enterprise IT assets and applications.
c. Open-source vulnerabilities d. Vulnerabilities that get inherited from reuse of code
Mobile Application Security Testing (MAST)
Testing a mobile app in ways that a malicious user would try to attack it.
Static Application Security Testing (SAST)
A set of technologies designed to analyze application source code, byte code and binaries for coding and design conditions that are indicative of security vulnerabilities
WebInspect
Analyzes applications in their running state and simulates attacks to find vulnerabilities to enable Dynamic Application Security Testing (DAST)
Static Code Analyzer
Analyzes source code for security vulnerabilities to enable Static Application Security Testing (SAST)
Fortify on Demand (FOD)
AppSec as a managed service that includes SAST, DAST, and MAST capabilities and is managed by CyberRes security analysts
Audit Workbench
Categorize vulnerabilities
ScanCentral leverages a Kubernetes cluster which has a controller and worker node setup to orchestrate SAST and DAST scans. True or False?
True
Speed Dial within SAST allows developers to balance speed vs. depth. True or False?
True
What is meant by software supply chain attacks?
a. Attacks during software delivery b. Attacks during software procurement c. Attacks during production or consumption of software d. All of the above (answers)
Fortify has significant capabilities to help mature which of the following customer efforts around application security?
a. DevSecOps b. Cloud Transformation c. Software Supply Chain