DevOps Tool Series: Fortify (Security Tool)

--

Fortify Static Code Analyzer (SCA) is a valuable tool in a DevOps toolchain: it provides automated static analysis of source code for security vulnerabilities, so findings surface in the build before the code ships.

KEY FEATURES:

  • Static analysis, also known as Static Application Security Testing (SAST), available from Fortify Static Code Analyzer (SCA).
  • Covers more categories of potential vulnerability than other detection methods, since it examines the code itself rather than only the paths exercised at runtime.
  • Pinpoints the root cause of vulnerabilities with line-of-code detail.
  • Helps you identify critical issues during development when they are easiest and least expensive to fix.

FORTIFY ISSUES:

  1. Denial of Service: Regular Expression. Do not let untrusted data (for example, a request header value) be used as a regular expression pattern; an attacker-supplied pattern can trigger catastrophic backtracking and exhaust CPU with a single request.

  2. XML External Entity (XXE) attack. Configure the XML parser securely: disable DTD processing and external entity resolution so a document cannot pull in local files or remote resources.

  3. Value Shadowing. The program reads a request value through a lookup that can be satisfied from more than one source (query string, form body, cookie), so an attacker can supply the value through a source the code did not intend.

  4. Password Management: Hardcoded Password. Credentials embedded in source code end up in version control and in every build; load them from the environment or a secrets store at runtime instead.
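The four categories above, sketched in Python as an added example for this page (not code from the original post or from Fortify). Each pair shows the pattern a static analyzer flags beside its fix. All names (MAX_FILTER_LEN, DB_PASSWORD, the "session" parameter) and sample inputs are assumptions constructed for the example.

```python
"""Sketches of the four Fortify categories listed above, written as an added
example for this page (not code from the original post or from Fortify).
Each pair shows the pattern a static analyzer flags beside its fix. All names
(MAX_FILTER_LEN, DB_PASSWORD, the "session" parameter) and sample inputs are
assumptions constructed for the example."""
import os
import re
import xml.parsers.expat as expat
from typing import Mapping, Optional

# Assumption: upper bound on a user-supplied filter string.
MAX_FILTER_LEN = 64


# --- 1. Denial of Service: Regular Expression ------------------------------

def filter_vulnerable(untrusted_header: str) -> "re.Pattern[str]":
    """Flagged: the attacker-controlled header *is* the pattern, so a value
    such as ``(a+)+$`` applied to a long run of 'a' backtracks exponentially."""
    return re.compile(untrusted_header)


def filter_hardened(untrusted_header: str) -> "re.Pattern[str]":
    """Fix: treat the untrusted value as a literal. re.escape() disarms every
    metacharacter, and the length cap bounds the matching work per request."""
    if len(untrusted_header) > MAX_FILTER_LEN:
        raise ValueError("filter value too long")
    return re.compile(re.escape(untrusted_header))


# --- 2. XML External Entity (XXE) ------------------------------------------

def parse_xml_hardened(data: bytes) -> str:
    """Fix for XXE: refuse any DOCTYPE (every XXE and entity-expansion payload
    needs one) and any external entity reference. Returns the root tag name."""
    parser = expat.ParserCreate()
    root_name = []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise ValueError("DOCTYPE declarations are not allowed")

    def on_external_entity(context, base, system_id, public_id):
        raise ValueError("external entities are not allowed")

    def on_start_element(name, attrs):
        if not root_name:
            root_name.append(name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity
    parser.StartElementHandler = on_start_element
    parser.Parse(data, True)
    return root_name[0]


# --- 3. Value Shadowing ----------------------------------------------------

def session_id_vulnerable(query: Mapping[str, str],
                          cookies: Mapping[str, str]) -> Optional[str]:
    """Flagged: one lookup spans several request sources, so a value in the
    query string shadows the cookie the code actually meant to read."""
    merged = {**cookies, **query}
    return merged.get("session")


def session_id_hardened(cookies: Mapping[str, str]) -> Optional[str]:
    """Fix: read each value from the one source it is expected in."""
    return cookies.get("session")


# --- 4. Password Management: Hardcoded Password ----------------------------

DB_PASSWORD_HARDCODED = "s3cr3t"  # flagged: shipped in every build and in git


def db_password_hardened(env: Mapping[str, str] = os.environ) -> str:
    """Fix: take the credential from the runtime environment (or a secrets
    manager) and fail closed when it is missing. DB_PASSWORD is an assumed
    variable name."""
    value = env.get("DB_PASSWORD")
    if not value:
        raise RuntimeError("DB_PASSWORD must be supplied at runtime")
    return value
```

The DOCTYPE rule in the XML parser also blocks internal entity expansion payloads (the "billion laughs" family), since those need a DTD as well; if the application genuinely needs DTDs, the narrower fix is to keep the external entity handler that refuses resolution.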

--

Khemnath chauhan