Next-gen hybrid web security analysis launched by Fortify and HP

Developed with HP, Hybrid 2.0 enables teams across the application lifecycle to improve visibility into security risks, says the company. Barmak Meftah, chief products officer at Fortify, also says it increases test accuracy and enables project teams to produce more secure web applications by correlating static and dynamic testing results. "Our next generation hybrid analysis technology offers customers a dramatic step forward in achieving their software security assurance goals," says Meftah. "While other vendors offer point solutions or first-generation capabilities, Fortify and HP are delivering integrated technologies that enable businesses to more effectively reduce risk associated with insecure web applications." Meanwhile, Jonathan Rende, vice president and general manager in the Software and Solutions organisation at HP, says: "HP and Fortify's Hybrid 2.0 solution addresses the biggest application vulnerabilities, resulting in reduced business risk and lowered costs for clients." The main point to note is that Hybrid 2.0 connects penetration test results directly to source code analysis results, revealing hidden vulnerability relationships and exposing their root causes within the application source code. This allows development teams to more accurately identify and prioritise vulnerabilities, and to quickly investigate security defects in the source code.