Security Vendors Partner Around Web Apps Scanning

Watchfire, which provides Web site and applications vulnerability scanning, and Fortify, whose tools are used to scour software code for potential bugs, are partnering to provide integrated products.

Web applications security specialists Watchfire and code inspection experts Fortify Software on Aug. 14 launched a new partnership aimed at cashing in on growing concerns over online business security.

Enterprise customers are increasingly looking for integrated products to help improve security throughout the Web applications development and maintenance process, the companies said. The new partners announced that Fortifys Source Code Analysis Suite and Watchfires AppScan offering will be sold in a single package under the agreement in the name of allowing customers to better identify, analyze and remediate security vulnerabilities in Web sites and applications.

By tying their software and services more closely together and tapping into the selling power of their respective organizations, Fortify, which provides tools that search for potential flaws in program code, and Watchfire, which markets technology used to test sites and Web applications for vulnerabilities, believe they can drive growth in both companies while addressing the demand for integrated tools.

/zimages/6/28571.gifClick here to read more about Watchfires Web services scanning tools.

"There are a lot of different issues that you can catch when looking at the status of source code and when the application is up and running that you might not see in independent use of these types of technologies," said Mike Armistead, vice president of marketing at Fortify, in Palo Alto, Calif. "Organizationally, companies always have issues of software developers throwing things over the wall at IT; theres a lot of benefit in adding a system like this that can help bridge those gaps."

Through the partnership, the companies will offer an integrated dashboard that provides a centralized view of information coming from the applications testing tools, additional reporting and compliance management features, and improved remediation capabilities, officials said.

Waltham, Mass.-based Watchfire and Fortify already share a number of customers, who will be the first potential audience for the integrated version of the scanning applications, according to the vendors. Officials denied that the two companies may seek to merge, saying that customers continue to demand best-of-breed security technologies integrated by their providers, not necessarily a single security company with a wide range of products.

At least one customer endorsed the deal as beneficial to its ongoing efforts to eliminate online security flaws.

"Scanning both raw source code and compiled Web applications for software vulnerabilities is essential to ensuring the security of application systems," Bruce H. Bonsall, chief information security officer at MassMutual Financial Group, said in a statement. "Today we use two different tool sets to accomplish those separate but related tasks. By virtue of such a partnership, the integration of the tools isnt left to the end users and they dont need to navigate two different interfaces. That helps simplify things and lets users focus on more important issues."

/zimages/6/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.