Papier

Date Submitted: 09/21/2013 03:12 PM

Real-time hybrid analysis: Find more, fix faster

Technology white paper

Brian Chess, Ph.D., Distinguished Technologist, HP; Founder and Chief Scientist, HP Fortify

Summary

Real-time hybrid analysis marks a substantial evolution in software security testing. It provides unique access to application information missing from the two most effective software security analysis technologies in use today: dynamic and static testing. This insight enables real-time hybrid analysis to overcome the shortfalls that have thus far limited the effectiveness of applying these methods in combination. Using real-time hybrid analysis, organizations can analyze software with far greater thoroughness, precision, and efficiency than previously possible to identify more vulnerabilities, improve the accuracy of diagnosis, speed remediation efforts, and simplify software security processes.

A vulnerability glut

The exponential growth of software applications and their ubiquitous accessibility make security a daunting endeavor for even the best funded and staffed IT organizations. As high-profile security breaches involving Sony, Citigroup, and legions of others demonstrate, exploitable vulnerabilities in software introduce substantial risk. While the sheer number of applications continues to soar, so does the prevalence of vulnerabilities and the severe repercussions caused by insecure software. Compounding the problem is the complexity of modern software, which increasingly targets versatile, “always-on” scenarios including Web 2.0, mobile, and the cloud. Against this backdrop, software security practitioners and developers, facing business mandates for efficiency and profitability, are often compelled to secure applications more rapidly while using fewer resources. Making the task yet more difficult is the labor-intensive nature of software security assurance processes. To successfully distinguish critical vulnerabilities that must truly be addressed from those that involve little...