fortify-software

How can I display my SSN id in the ASP web page with PCI standards

In my ASP web page I am displaying the SSN number " name ="txtSSNID" size ="20"> The Fortify Developer tool detects this as an error. How can I fix this issue? I need to display the SSN number, but the thing is it should not be caught while testing in the Fortify developer tool for security violations ...

Is EnableHeaderChecking=true enough to prevent Http Header Injection attacks?

Is it sufficient to have System.Web.Configuration.HttpRuntimeSection.EnableHeaderChecking set to true (default) to fully prevent Http Header Injection attacks like Response Splitting etc.? I'm asking because a white box penetration testing tool (fortify) reports exploitable http header injection issues with HttpResponse.Redirect and coo...

Fortify Source Analyzer and Apache Lenya

Hey everyone! First off, any help is much appreciated! I am trying to use Fortify Source Code Analyzer for a research project at my school to test the security for open source Java web applications. I am currently working on Apache Lenya. I am working with the last stable release (Lenya v2.0.2). Inside the root directory there is a fil...

Fortify Sourceanalyzer - problem with Xwiki - missing java class

com.xpn.xwiki.test.AbstractXWikiComponentTestCase This is the only class that cannot be resolved. I have run mvn package. Then I have tried to build with sourceanalyzer, and this is the only class that cannot be found. I do not understand why mvn package would not have gotten this for me. Any help would be great. Thanks ...

Does anyone use Fortify 360 with Classic ASP? a Header Manipulation vulnerability story

Good morning, everyone. I'm on a short-term contracting gig, trying to patch some vulnerabilities in their legacy code. The application I'm working on is a combination of Classic ASP (VBScript) and .Net 2.0 (C#). One of the tools they have purchased is Fortify 360. Let's say that this is a current classic ASP page in the application...

Execute command in Hudson as Post-build Actions

Hi friends, I am new to Hudson. I would like to execute a 'sourcecodeanalyzer' command in Hudson as a Post-build Action to generate an html report. Please let me know if this is at all possible; if yes, let me know the Hudson configuration steps to execute the command. Your earliest response in this regard will be extremely helpful. Thanks ...

How to skip selected error reported by fortify source code analyzer?

While getting source code analyzed by the Fortify source code analyzer, if I want to skip a selected category, say "Poor Error Handling : Empty Catch Block", is there any way to do that? In the case of the checkstyle report generator there is a way to skip a selected error being reported. I would like to have that flexibility in the case of fortify source c...

How to use Fortify Source Code Analyzer to analyse T-SQL

How to use Fortify Source Code Analyzer to analyse T-SQL? sourceanalyzer -b ID ttt.sql (no error) sourceanalyzer -b ID -scan -f result.fpr (no error) But when I used Fortify Audit Workbench to open the result.fpr file, there is nothing in Issues (no Hot, no Warning, no Info). Did I miss out any parameters in the sourceanalyzer's ...

How to use Fortify to analyse T-SQL

sourceanalyzer -b ID ttt.sql (no error) sourceanalyzer -b ID -scan -f result.fpr (no error) But when I used Fortify Audit Workbench to open the result.fpr file, there is nothing in Issues (no Hot, no Warning, no Info). Did I miss out any parameters in the sourceanalyzer's command? ...

Fortify throws error while scanning Visual Studio project

I'm trying to run Fortify on a Visual Studio 2008 project. The project builds successfully on its own. When I try to analyze the project with Fortify using the Visual Studio integrated controls, the project builds successfully but an error message is thrown. Here's the output from Fortify console: Fortify SCA... Running: "-show-runtime-...

Fortify360 with an automated build process?

Anyone have any sample configurations using CruiseControl.net or similar tool? ...

Fortify command line usage

Has anyone used the command line to run Fortify? I'm trying to incorporate a Fortify run in my CI build and I don't know how to do it. ...