Cybersecurity
DevOps Cloud
IT Operations Cloud
Software 21.2.0
December 2021
At Fortify, our goal is to assist organizations in building software resilience for modern development from a partner they can trust. Fortify continues to cover a wide range of AppSec use cases common to today's landscape. From DevSecOps, Cloud Transformation, Securing the Software Supply Chain, and Maturity at Scale, Fortify delivers a holistic, inclusive, and extensible platform that supports the breadth of your software portfolio.
We are excited to announce the general availability of our CyberRes Fortify 21.2.0 release! With enhanced offerings to increase speed, accuracy, scalability, and ease of use, this marks another important chapter in Fortify’s elevation of application security. This release contains updates to Fortify Static Code Analyzer, Fortify WebInspect, Fortify Software Security Center, and Fortify Software Composition Analysis.
This release of CyberRes Fortify Software includes the following new functions and features:
CyberRes Fortify Software Security Center
The following features have been added to Fortify Software Security Center.
Static/Dynamic Issue Correlation Indicator
ScanCentral SAST Controller Updates
New Premium Quarterly Reports
LDAP Update
Java 11 Deployment
CyberRes Fortify ScanCentral SAST
The following features have been added to Fortify ScanCentral SAST.
Support for the Fortify License and Infrastructure Manager
MSBuild Integration Update
Go Language Support
Graceful Shutdown and Timer Support
Sensor Pool Assignment Improvement
CyberRes Fortify Static Code Analyzer
The following features have been added to Fortify Static Code Analyzer.
Fortify License and Infrastructure Manager
Regular Expression (regex) Analysis
Operating System Updates
Fortify added support for the following operating systems and versions:
Compiler Updates
Fortify added support for the following compiler versions:
Build Tool Updates
Fortify added support for the following build tool versions:
C++ Updates
JavaScript Improvements
Go Language Update
YAML Support
Kotlin Update
PHP
Scala
Configuration Scanning
CyberRes Fortify Static Code Analyzer Tools
The following features have been added to Fortify Static Code Analyzer Tools.
ScanCentral SAST Support
New PCI SSF Report
Generate new PCI SSF Report (version 1.2) from the following tools:
CyberRes Fortify ScanCentral DAST
The following features have been added to Fortify ScanCentral DAST.
Correlated Issues
Scan Visualization Update
Client-Side Certificate Support
Scan Priority Level
Azure SQL Support
CyberRes Fortify WebInspect
The following features have been added to Fortify WebInspect.
API Discovery
With the new API Discovery, any Swagger or OpenAPI schema detected during a scan will have its endpoints added to the existing scan and authentication will be applied to the endpoints with our automatic state detection. In addition, probes will be sent to default locations of popular API frameworks to discover schemas.
Two-factor Authentication
Two-factor Authentication is a common requirement in enterprises and can be a burden to the security tester to get a bypass or to manually scan. WebInspect now offers the ability to automate Two-factor Authentication scans. This is accomplished by installing a lightweight Android app onto a phone or emulator that can capture SMS and Email tokens and pass them back to the scanner for authentication. Once configured, there is no need for user interaction.
Automatic State Detection
WebInspect now automatically detects and configures state for Oauth, JWT, and Bearer Tokens during a scan.
Engine 6.1 Updates
Fortify continues to enhance its engines to improve scan coverage and performance. WebInspect 21.2.0 provides a faster crawl and audit, and better application support from the Web Macro Recorder with Macro Engine 6.1.
Improved DOM XSS Detection
WebInspect 21.2.0 has new DOM XSS detection capabilities for analyzing client-side code for XSS. This will allow for improved XSS attack performance and the ability to detect client-side only attacks, such as XSS in DOM fragments.
Web Fuzzer Tool
The Web Fuzzer Tool lets you run Fuzzing tests that submit random or sequential data to various areas of an application to uncover security vulnerabilities. For example, when searching for buffer overflows, a tester can generate data of various sizes and send it to one of the application entry points to observe how the application handles it.
CyberRes Fortify WebInspect Enterprise
The following features have been added to the Fortify WebInspect sensor used in WebInspect Enterprise.
API Discovery
With the new API Discovery function in WebInspect, any Swagger or OpenAPI schema detected during a scan will have its endpoints added to the existing scan and authentication will be applied to the endpoints with our automatic state detection. In addition, probes will be sent to default locations of popular API frameworks to discover schemas.
Automatic State Detection
WebInspect now automatically detects and configures state for Oauth, JWT, and Bearer Tokens during a scan.
Engine 6.1 Updates
Fortify continues to enhance its engines to improve scan coverage and performance. WebInspect 21.2.0 provides a faster crawl and audit, and better application support from the Web Macro Recorder with Macro Engine 6.1.
Improved DOM XSS Detection
WebInspect 21.2.0 has new DOM XSS detection capabilities for analyzing client-side code for XSS. This will allow for improved XSS attack performance and the ability to detect client-side only attacks, such as XSS in DOM fragments.
Contact CyberRes Fortify Customer Support
If you have questions or comments about using this product, contact CyberRes Fortify Customer Support using one of the following options.
To Manage Your Support Cases, Acquire Licenses, and Manage Your Account
https://www.microfocus.com/support
For More Information
For more information about Fortify software products: https://www.microfocus.com/solutions/application-security