How can I see all the rules of Fortify Secure Coding Rules?

security rules fortify
compsey picture compsey · Jan 14, 2013 · Viewed 10.6k times · Source

I want to see the specific rules of Fortify Secure Coding Rules (the rules that Fortify uses by default), because I want to write a report about all rules that are used by Fortify:

  • I have tried to see them in C:\Program Files\Fortify Software\HP Fortify v3.60\Core\config\rules but I have found .bin files and I can't see them.
  • I also have opened AuditWorkbench and in Security Content Management I can't see them either.

Is there any way to see them?? Thanks for your help.

Answer

LaJmOn picture LaJmOn · Jan 14, 2013

Short of becoming a Software Engineer at HP Fortify, No. The default rules are considered Intellectual Property of HP Fortify and no one outside Engineering has access to them.

What problem are you trying to solve by this report?

Related questions

How can I prevent SQL injection in PHP?

If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example: $unsafe_variable = $_POST['user_input']; mysql_query("INSERT INTO `table` (`column`) VALUES ('$unsafe_variable')"); That's …

Read More
SecurityError: Blocked a frame with origin from accessing a cross-origin frame

I am loading an <iframe> in my HTML page and trying to access the elements within it using Javascript, but when I try to execute my code, I get the following error: SecurityError: Blocked a frame with origin "…

Read More
How to create .pfx file from certificate and private key?

I need .pfx file to install https on website on IIS. I have two separate files: certificate (.cer or pem) and private key (.crt) but IIS accepts only .pfx files. I obviously installed certificate and it is available in certificate …

Read More