Dr. Dobb's is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Channels ▼
RSS

Tools

Winners of the 18th Jolt Product Excellence Awards & Recipients of the Jolt Productivity Awards


JOLT Winner

Fortify Defender: Real-Time Analyzer (Fortify Software)

Patrick White

Reviewed by Mike Riley
Fortify Defender's latest improvements have kept it at the forefront of application development security via the way it armors web applications. The Internet is a scary place for unprotected web applications, with botnets and malicious hackers poised to strike any code weaknesses. Defender's multiple OS-supported Application Shield helps developers identify and lock down code that can be used to exploit SQL injections, buffer overflows, cross-site scripting and session fixation among other things that can wreak havoc and potentially destroy businesses. Fortify's monitor and protect modes supply all the forensics information necessary to identify threats in real time.

Crowd (Atlassian)
Reviewed by Hugh Bawtree
Crowd is a promising new Single Sign On product. Instead of signing onto multiple applications, it enables users to sign on just once to Crowd and then execute all their applications--internal apps, custom apps and web forums. Crowd automatically logs the user into each app. Obviously, this simplifies the user's life and centralizes the administration work for sys admins. Crowd also makes life easier for developers. It already has built-in interfaces to many directory services: Microsoft Active Directory, Open LDAP, Sun One and Apache Directory Service. And it has interfaces to some applications: Atlassian applications, Apache, Subversion, Jive forums and OpenID (used by thousands of web sites). Developers can develop their own interfaces for other apps using a Java API or a SOAP API. Finally, developers get a copy of the Crowd source code when they purchase a Crowd license.

Defensics (Codenomicon)
Reviewed by Mike Riley
Codenomicon's Defensics offers security-conscious developers a set of web application analysis tools that help detect code vulnerabilities via its ability to scan over 130 different interfaces and formats, from standard web traffic to wireless and digital media (images, audio, etc.) security threats. Defensics comes bundled with numerous pre-built test cases, saving developers time as well as ensuring that some of the most sophisticated attack vector attempts will be tested in a variety of scenarios. Test results are linked to the problem source for rapid identification and remediation and can be employed for continuous testing throughout the application's lifecycle.

Ounce (Ounce Labs)
Reviewed by Rick Wayne
The crackers only have to be lucky once; defenders must strengthen the whole system. Case in point: the Ounce source-code vulnerability scanner. Ounce includes tools not just for dedicated security analysts, but for line developers and managers, too. Ounce's scanning technology is fast, the UI organizes reams of information into usable form, and Ounce appears blessedly free of the false-positive blizzard. The analyst's application scans, sets policies, and can prioritize results, while the Eclipse and Visual Studio plug-ins for developers let them scan code and confirm fixes. Also, the Portfolio Manager reports statistical and trend information, letting the whole team know how the battle is going.


Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.