HP Fortify

Fortify Static Code Analyzer – FSCA is the on-premise version of the most widely deployed and highest rated static application security testing software on the market.

Fortify on Demand – FoD, as it is commonly called, is the SaaS version of FSCA and WebInspect. Upload your code to the cloud and receive a report back detailing and defining vulnerabilities with guidance on how to remediate and how long it should take to make remediations. A Technical Account Manager (TAM) is assigned to every account to help with the process and augment your staff with an absolute expert at no additional cost. FedRAMP certified data centers are available upon request.

WebInspect – The industry leader in dynamic application security testing (DAST) for the last decade. WebInspect may be licensed inexpensively to scan a single target yet seamlessly scale to scan to hundreds of applications.

Fortify Consulting licenses – Project-based term licenses for application security professionals tasked with ensuring code security for their clientele.

Fortify installation and integration – GrayFin professional services are customized per deployment and customer requirements. A typical service will last about a week and is paired with an additional week of training. Long term on-site or remote residencies are also available to fill staffing gaps.

Fortify training – Instructor led training either on site or remote for any sized class. Training may be customized to specific customer requirements or come directly out of the HP course catalogs.

Application Defender – Imagine a SaaS solution that can protect against production security vulnerabilities quickly without even making any changes to the code.AppDefender identifies and stops attacks that network security just can’t see. It does this using contextual insight within the application itself providing immediate visibility into the security of your software.

DevInspect – The latest addition to the Fortify family, DevInspect is like autocorrect for coders. Currently available for .net and Java, it provides instant and continuous feedback to software developers thereby reducing scanning and remediation effort down the road.