Program Trace Analyzer (PTA) in Testing

The Program Trace Analyzer (PTA) finds vulnerabilities that can be identified more easily while an application is running. It integrates into a QA test to find vulnerabilities while a functional test is being conducted on an application.

Detect Vulnerabilities in a Running Application

PTA enables a QA group to find security vulnerabilities and leaks while conducting a functional test. Working on the application server, PTA takes a QA test and analyzes what could happen if each input was malicious. This new approach enables QA testers to uncover security vulnerabilities in the application with no additional work.

Prioritizes Results from the Source Code Analyzer

When results from Fortify PTA are integrated with those from the Source Code Analyzer, the user gets a more prioritized list of vulnerabilities. By integrated static and dynamic analysis, the user can generate a more accurate and prioritized list of vulnerabilities

Precise and Accurate

PTA sits on the application server and watches the application from the inside, analyzing how and where information flows. With this unobstructed view into the application, while it’s being exercised, PTA is able to accurately identify vulnerabilities.

Easy to Use

Unlike traditional security testing solutions, which were designed for security experts and require configuration and extensive customization, PTA works on its own to uncover security vulnerabilities while a QA tester conducts a functional test. The results are sent to a central console that allows for triage and remediation, or can be sent to developers via bug tracking systems

Actionable Results

PTA provides the exact line of code for each vulnerability and makes it easy to reproduce the issue. Most solutions provide the URL and force testers or developers to search the code for the location of the vulnerability. PTA’s unique position on the application server gives it the ability to report the lowest level of detail.

Works with any QA Test

PTA works with any QA test, whether it’s an automated tool, such as those from Mercury and Borland, or any manual test, and is easily installed on an application server in minutes.

Vulnerabilities Detected

PTA Helps Prevent

• Private data being stolen
• Security leaks
• Fraudulent behavior
• Web site defacement
• Phishing attacks
• Escalation of privileges

PTA Identifies the Following Vulnerabilities

• SQL Injection
• Cross-Site Scripting: Reflective
• Cross-Site Scripting: Persistent
• Command Injection
• Path Manipulation
• Unhandled Exception
• Privacy Violation: Social Security Number
• Privacy Violation: Credit Card Number
• Log Forging
• Xpath Injection
• LDAP Injection