Fortify on Demand

Fortify on Demand delivers secure web applications

HP Fortify on Demand is probably one of the best available Source Code Analysis services for tracing security leaks and code weaknesses, which is why we use Fortify to analyze application code prior to delivery. Read this blog to find out more about the type of weaknesses that Fortify on Demand can find…

Safety foremost

It’s in the interest of BSL and our clients that our web software and applications are safe and secure. Because of this, we choose to employ the most powerful Source Code Analysis services available, including Fortify on Demand services from HPE. We analyze the code and the libraries we use to develop web applications as part of our development work. As a result, we are able to identify potential code weaknesses, modify our code, and protect clients and their website users from attack.

Fortify on Demand

Previously, we’ve worked with alternative tools, including Klocwork and FindBugs. We’ve switched to Fortify on Demand, because this provides many unique features, and is highly valued by our clients. We can now quickly identify many types of potential weakness that hackers may use to attack or even disable web services. Fortify can identify static code issues, simply by scanning the code. It also performs dynamic scans, emulating the use of the code. As a result of these scans, we get a complete overview of potential exploits and weaknesses. Firstly, the tool identifies where the problems lie in the code. It then provides hints that we can use to resolve each issue. In other words, everything our engineers need to quickly make any required changes.

Types of vulnerability

Insecure Transport is one weakness that Fortify on Demand can identify. This problem occurs when applications use external services over an insecure connection. As a result, hackers can try to intercept or redirect the connection. The solution is simple: we use a protected protocol (for example, FTPS instead of FTP).
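The FTPS switch described above, sketched with Python's standard `ftplib` as an added example (not BSL's code; the page names no language, and the host, credentials and file names are caller-supplied placeholders). It verifies the server certificate and protects the data channel as well as the control channel.

```python
import ssl
from ftplib import FTP_TLS

def verified_context() -> ssl.SSLContext:
    """TLS settings for the client: certificate and hostname are both checked."""
    context = ssl.create_default_context()      # CERT_REQUIRED + check_hostname
    context.minimum_version = ssl.TLSVersion.TLSv1_2
    return context

def open_ftps(host: str, user: str, password: str, timeout: float = 10.0) -> FTP_TLS:
    """Open an explicit-FTPS session; no credential is sent before TLS is up."""
    ftps = FTP_TLS(context=verified_context(), timeout=timeout)
    try:
        ftps.connect(host)      # control connection is still plaintext here
        ftps.auth()             # AUTH TLS: upgrade before credentials are sent
        ftps.login(user, password)
        ftps.prot_p()           # PROT P: encrypt the data channel too
    except Exception:
        ftps.close()            # do not leave a half-open socket behind
        raise
    return ftps

def upload(host: str, user: str, password: str, local_path: str, remote_name: str) -> None:
    """Send one file; the session is closed even if the transfer fails."""
    with open_ftps(host, user, password) as ftps, open(local_path, "rb") as fh:
        ftps.storbinary(f"STOR {remote_name}", fh)
```

`FTP_TLS` secures only the control connection by default, so omitting `prot_p()` would leave file contents in clear text.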

A second example is a Resource Leak. This can occur if a connection does not close properly after use. Because servers can only keep a finite number of connections open, hackers can exploit this error. If successful, they can make a server unusable. They can even disable security services designed to block other exploits. Once we identify such an issue, our developers can modify the code to ensure that we close each connection when no longer needed.
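An added illustration of the leak and its fix (not code from BSL or Fortify): `ConnectionPool` and `Connection` are hypothetical stand-ins for a server with a finite number of connections, and the request list is constructed. The leaky handler skips `close()` whenever a query raises, so a few malformed requests use up every slot.

```python
class PoolExhausted(Exception): pass

class ConnectionPool:       # hypothetical stand-in for a server's finite connections
    def __init__(self, size: int):
        self.free = size
    def acquire(self) -> "Connection":
        if self.free == 0:
            raise PoolExhausted("no free connections")
        self.free -= 1
        return Connection(self)

class Connection:
    def __init__(self, pool: ConnectionPool):
        self.pool, self.is_open = pool, True
    def query(self, text: str) -> str:
        if not text.strip():
            raise ValueError("empty query")     # the error path that exposes the leak
        return f"results for {text!r}"
    def close(self) -> None:
        if self.is_open:                        # idempotent: a slot is returned once
            self.is_open = False
            self.pool.free += 1
    def __enter__(self): return self
    def __exit__(self, *exc): self.close()

def handle_leaky(pool, text):
    conn = pool.acquire()
    result = conn.query(text)                   # an exception here skips close()
    conn.close()
    return result

def handle_fixed(pool, text):
    with pool.acquire() as conn:                # closed on success and on error
        return conn.query(text)

REQUESTS = [""] * 3 + ["news"] * 5              # constructed: 3 malformed, then 5 valid

def serve(handler, pool, requests) -> int:
    """Count the requests answered before the pool runs dry."""
    served = 0
    for text in requests:
        try:
            handler(pool, text)
            served += 1
        except ValueError:
            pass                                # bad request rejected, keep serving
        except PoolExhausted:
            break                               # nobody else can be answered
    return served
```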

A third example? A System Information Leak. This occurs when the web app displays information that contains technical details, perhaps the database type, operating system or even a username. As a result, this information makes it easier for a hacker to plan an attack on the server. For example, if you know the OS you might already know other weaknesses that you can exploit. Fortify on Demand identifies such dialogs, so our developers can ensure that only essential information is displayed.
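The same weakness next to its correction, as an added example that is not BSL's code: `load_article`, the logger name and the failure text (database, OS, user and host names) are all constructed for illustration. The hardened handler keeps the technical details in the server log and shows the visitor only a reference that support staff can look up.

```python
import logging
import uuid

log = logging.getLogger("webapp")

class DatabaseError(Exception):
    pass

def load_article(article_id: int) -> str:
    """Hypothetical data-access call; the failure text below is constructed."""
    raise DatabaseError(
        "PostgreSQL 9.6 on Ubuntu 16.04: password authentication failed "
        "for user 'app_user' (host sql01.internal)"
    )

def respond_verbose(article_id: int) -> tuple:
    """Weak form: the raw exception text is shown to the visitor."""
    try:
        return 200, load_article(article_id)
    except Exception as exc:
        return 500, f"Error loading article: {exc}"

def respond_safe(article_id: int) -> tuple:
    """Hardened form: details go to the server log, the visitor gets a reference."""
    try:
        return 200, load_article(article_id)
    except Exception:
        ref = uuid.uuid4().hex[:8]
        log.exception("article lookup failed ref=%s id=%r", ref, article_id)
        return 500, f"Sorry, something went wrong. Reference: {ref}"

TECHNICAL_TERMS = ("PostgreSQL", "Ubuntu", "app_user", "sql01")

def leaked_terms(body: str) -> list:
    """Terms from the constructed failure that reached the response body."""
    return [term for term in TECHNICAL_TERMS if term in body]
```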

These are just simple examples, but by using Fortify to scan our code, our developers can quickly make changes to improve security. And we can then carry out a re-scan to confirm whether the change has worked.

Safe and secure software

BSL employs Fortify to scan software such as Pulse. Pulse is a custom news and alert service, designed and developed by BSL. Pulse indexes and classifies tens of thousands of news articles received each day, in real-time. It provides PwC professionals working throughout Europe with thousands of profiled news feeds, not only via the company website, but also via e-mail and their smartphones. By automatically selecting the best content, Pulse keeps PwC consultants up-to-date with the latest business developments.

Fortify is just one of the tools we have used to verify our Pulse software – which contains many hundreds of thousands of lines of code. It’s probably a sign of our success that Pulse has been in use for more than 7 years, and has never been successfully attacked.

Let BSL keep your users safe

Do you want to find out more about how BSL can keep your users and web applications safe? Just get in touch – no obligation – and we can discuss how to improve the security of your web applications.
