Readers vote on the best Application Security products in 2012, including static and dynamic vulnerability scanners, and other source code analysis products and services used during development.
Gold: HP Fortify Real-Time Analyzer, HP
Readers awarded the gold medal to HP Fortify Real-Time Analyzer. The tool received high scores across all criteria, making it the clear winner in the application security category. Readers particularly liked the product's ease of installation, configuration and administration. They also liked the analyzer's effectiveness in preventing known attacks and/or vulnerabilities as well as the frequency of updates to detect new exploits and/or vulnerabilities. HP Fortify Real-Time Analyzer also ranked higher than any of its competitors for integration with other security reporting and remediation tools.
HP Fortify Real-Time Analyzer is intended to protect applications from vulnerabilities that were not fixed during development or QA testing. The software is designed to reduce risks in deployed Java and .NET applications by automatically blocking attacks for common vulnerabilities from inside the application. The user can configure the software to respond with various risk mitigation techniques when an attack is detected; for example, by blocking the user or alerting an administrator. The analyzer can also automatically monitor applications and collect data on attacks. According to HP, the software requires no customization, training, coding or modeling.
Expert's market reflection: "The application security market has a lot of growth ahead. End users still struggle with implementing security measures across the software lifecycle, and there is still ample room for innovation. We should continue to see healthy growth in the foreseeable future." -- Chenxi Wang, vice president and principal analyst, Forrester
Silver: eEye Digital Security Retina Web Security Scanner, eEye Digital Security (Now BeyondTrust)
eEye Digital Security Retina Web Security Scanner scans websites and Web applications for Web-based vulnerabilities. In addition to identifying application vulnerabilities and site exposure risk, the software ranks threat priority, produces HTML reports, and indicates security posture by vulnerabilities and threat level. While readers were pleased with the scanner's effectiveness in detecting and reporting known attacks and/or vulnerabilities, they were less impressed with its integration with other security tools and the product's return on investment.
Bronze: HP Fortify Static Code Analyzer, HP
HP Fortify Static Code Analyzer performs static analysis to identify root causes of security vulnerabilities in source code. The software prioritizes results based on severity of risk and provides guidance on how to fix vulnerabilities in line-of-code detail. The code analyzer supports a variety of languages, platforms, build environments and software component APIs. The software scored well for its vendor service and support. However, readers were less impressed with how it integrated with other security tools, and its installation, configuration and administration.