
SAST And DAST Like Peanut Butter and Jelly

Oct 3, 2011
Ed Bellis
Chief Technology Officer, Co-founder


Today, our development team added HP Fortify integration with Risk I/O. HP Fortify is a static analysis tool that examines an application's source code to identify security flaws. Fortify’s Static Application Security Testing (SAST) results provide an inside-out view of the vulnerabilities that exist in a software program, whereas Dynamic Application Security Testing (DAST) provides more of an outside-in view. When plugged into Risk I/O, mutual customers can dramatically improve their ability to fix security issues in a timely manner through a unique view of their application flaws.


With the introduction of this static analysis integration, Risk I/O users gain a tremendous advantage in the speed with which they remediate application vulnerabilities. By correlating security findings from dynamic scanners with those of a source code analysis tool, our users may, depending on the findings, go as far as identifying the offending source code associated with a vulnerability found by their dynamic application scanner. Combine this with our bug tracking integration and Risk I/O customers can go from scanner finding to fixed at the source faster than ever before!

Fortify customers can connect their scanner to Risk I/O by completing a single-field form. New customers can try our product using our forever free version.

Our development team has been working hard on increasing the number of connectors that we offer to our users, but our list has room to grow. Please let us know if there’s a vulnerability assessment tool integration we’re missing that you’re currently using.
