Fortify on Demand is a Software as a Service (SaaS) solution that enables your organization to easily and quickly build and expand a Software Security Assurance program. Fortify on Demand's software security testing incorporates advanced and updated application testing technologies with expert review, dedicated account management, and 24/7 support.
An application submitted to Fortify on Demand undergoes a security assessment where it is analyzed for various software security vulnerabilities. Fortify on Demand offers static, dynamic, and mobile assessments at several service levels. For applications already in production, the Continuous Application Monitoring service combines continuous dynamic vulnerability scanning and risk profiling to provide visibility into the risk facing your organization's external-facing application portfolio.
Security Assessments
A static assessment analyzes an application's source code, bytecode, and/or binary code. A dynamic assessment analyzes a running web application. A mobile assessment analyzes the mobile application's binary (analysis of network and backend web server is also available). The Fortify on Demand testing team conducts a thorough analysis of your application for security vulnerabilities, including:
- Application scanning: the application is scanned using Fortify software.
- Expert review: an automated or manual audit (depending on the assessment type) of the scan results is included to ensure the highest possible degree of accuracy.
- Remediation validation: an assessment includes at least one free remediation scan to validate that the issues found have been fixed. The remediation scan is run on the same application after changes have been made to remedy the vulnerabilities found in the baseline assessment.
Fortify on Demand uses a 5-star rating system to rate applications that have been assessed. The assessment results are delivered in several ways, including various views in the UI, customizable reports, and detailed data exports.
Entitlements
Fortify on Demand security testing services are available through the purchase of entitlements in the form of assessment units or scans. Entitlements are valid for 12 months from the effective date of the order term.
Assessment units can be redeemed for single assessments or subscriptions of any assessment type; scan entitlements represent quantities of single assessments or subscriptions of a specific assessment type. Subscriptions allow unlimited assessments of selected applications during the subscription period.
Refer to your contract for specific entitlement details.
Support
Fortify on Demand offers support through self-service resources and the Fortify on Demand Help Center, staffed 24/7 by a dedicated support team of Technical Account Managers (TAMs).