Job Description:
Security/Penetration Tester

Location: Greenville, SC

Duration: 6 months

HPE Fortify on Demand

IBM AppScan on Demand

SAST: Fortify Static Code Analyzer
Automated static code analysis to help developers eliminate vulnerabilities and build secure software.

DAST: Fortify WebInspect
Automated dynamic security testing tool to find and prioritize exploitable web vulnerabilities.

SAST: IBM Static Analyzer

DAST: IBM Security AppScan

HP WebInspect is a Web application security assessment solution designed to thoroughly analyze today’s complex Web applications and Web services for security vulnerabilities. It delivers broad technology coverage, fast scanning capabilities, extensive vulnerability knowledge, and accurate Web application scanning results. HP WebInspect is an integral part of the HP integrated security testing technologies that uncover real and relevant security vulnerabilities in a way that siloed security testing cannot.

IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

STRENGTHS

HPE Fortify is a well-known brand worldwide. It very frequently appears on clients' shortlists, particularly where multiple testing technologies are desired, and was the first AST vendor to provide capabilities in SAST, DAST and IAST.

IBM is a large provider of a complete AST solution (SAST, DAST and IAST) and other security products/services with multiregional presence and delivery capabilities.

HPE's SAST has the broadest language support of any of the SAST providers, and its WebInspect IAST agent for Java and .NET is included at no cost for WebInspect DAST tool customers.

IBM's Application Security Management provides risk-centric unified reporting and dashboard functionality and an underlying framework to manage business-impacting security risks in applications.

HPE has one of the strongest SDLC integrations and includes innovative features in this space, such as DevInspect and Security Assistant.

IBM has added innovative SAST functionality to improve accuracy, namely Intelligent Code Analysis (ICA) and Intelligent Findings Analytics (IFA), both of which are delivered via the cloud to on-premises and cloud clients.

HPE has a comprehensive set of enterprise capabilities, such as role-based access control (RBAC), full authentication integration, extensive WAF integration and its own SCA capabilities, as well as integration with Sonatype and Black Duck.

CAUTIONS

The spinoff and merger of HPE's software group with Micro Focus raises concerns for clients about how the newly expanded company will integrate and support the Fortify brand and its customers, and the future commitment of the merged company to the existing roadmap as well as continued innovation and investment in research and development of the AST solutions.

Gartner inquiry feedback indicates IBM solutions are showing up in fewer competitive shortlists than other Leaders, and that a large percentage of AppScan clients leverage it as part of an existing relationship or spend with IBM.

Some AST capabilities, such as malware detection, are only available with the Fortify on Demand offering.

The stability and evolution of IBM's partnership with Cigital to deliver managed, human-augmented DAST services is unclear with the recent acquisition of Cigital by Synopsys.

Clients have frequently mentioned that the on-premises Fortify AST solutions can have a steep learning curve and require extensive configuration to properly integrate and run.

IBM does not have its own SCA, and its integration with partner Black Duck is limited to AppScan Enterprise.

IAST support for PHP and Node.js is not yet available.

IBM's IAST has not earned brand recognition in this space compared to its direct competitors.