Fortify on Demand - Static Scan Workflow

14.0K views
Apr 3, 2019
23:37

Watch this detailed demonstration of a typical workflow when addressing results from a Fortify on Demand Static scan. This demo finds vulnerabilities like cross-site scripting (XSS) and insecure transport database issues.

One approach is to integrate with a bug tracker such as JIRA or ALM. This video shows a second approach, which is to audit each issue and assign it to one of the users on the tenant. The issue is then triaged in the Visual Studio IDE, using the Fortify on Demand extension for Visual Studio. Pull results using RESTful APIs…analysis results, analysis trace issue summary, or audit summary. See the workflow from both the developer's and the auditor's perspective.

The audit/fix workflow is essentially:

1. Audit and assign.
2. Fix the issue. The issue is marked as ‘Remediated’.
3. Re-scan.
4. The issue will no longer be visible in the result set by default. If you ‘show fixed’ you can see it as fixed.

‘Not an issue’ is used to tag issues that have been suppressed and not fixed.

LEARN MORE about Fortify on Demand: https://software.microfocus.com/en-us/products/application-security-testing/overview

FREE TRIAL of Fortify on Demand: https://www.microfocus.com/en-us/products/application-security-testing/free-trial

CONTACT US: https://www.microfocus.com/en-us/products/application-security-testing/contact

LEARN MORE about how Micro Focus was named a leader in the 2019 Gartner MQ for Application Security Testing: https://software.microfocus.com/en-us/assets/enterprise-security-products/magic-quadrant-for-application-security-testing

SUBSCRIBE TO FORTIFY UNPLUGGED: https://www.youtube.com/channel/UCUDKcm1wIfE6EWk_SyK0D4w/featured?sub_confirmation=1
