Fortify on Demand

This add-on is operated by Hewlett Packard

Fortify on Demand is Application Security delivered in the cloud.

Fortify on Demand

Last Updated: 05 March 2014

The Fortify on Demand add-on is currently in beta.

Table of Contents

Fortify on Demand is an add-on for evaluating the security of your Heroku-hosted website. Adding the Fortify on Demand Add-on allows you to scan your app from the outside, just as a hacker would, and determine if any vulnerabilities exist.

Provisioning the add-on

The Fortify on Demand add-on can be attached to a Heroku application via the CLI:

A list of all plans available can be found here.

$ heroku addons:add fortifyondemand
-----> Adding fortifyondemand to sharp-mountain-4005... done, v18 (free)

Launching a scan

After provisioning the add-on, open the Fortify dashboard:

$ heroku addons:open fortifyondemand

And select the app domains you wish to scan. A scan request will be sent to the Fortify on Demand system and you will receive results within two (2) hours via your registered email address..

Test coverage

The test will be run at a low depth level and will find vulnerabilities within the OWASP Top 10 categories.

Removing the add-on

The Fortify on Demand add-on can be removed via the CLI.

This will destroy all associated data and cannot be undone!

$ heroku addons:remove fortifyondemand
-----> Removing fortifyondemand from sharp-mountain-4005... done, v20 (free)

Support

All support for the Fortify on Demand add-on should be directed through fod_support@hp.com.