Introduction to TEAM Mentor

TEAM Mentor is an interactive Application Security library (also referred to as a knowledge base or KB) that provides answers to your security questions. TEAM Mentor contains thousands of articles that describe how to implement Application Security controls and prevent vulnerabilities throughout the application lifecycle. Preventing vulnerabilities during development is the most cost-effective way to deal with security defects – by not having them in the first place.

To reduce the risk of introducing software vulnerabilities, use TEAM Mentor as a reference during development. Identify the relevant security controls, and use the just-in-time prescriptions to guide their implementation. To increase the level of assurance, use TEAM Mentor to look at the list of common vulnerabilities, review the guidance that describes how to prevent these vulnerabilities, and then verify that the controls described by the guidance have been implemented successfully in your application.

TEAM Mentor can be used in multiple ways:

  • As a reference throughout the application development lifecycle. As application security controls are being implemented, TEAM Mentor guidance can be applied to implement the controls effectively.
  • Integrated with HP Fortify or Checkmarx static code analysis tools. In this scenario, the report produced by the static analysis tool provides links to the relevant TEAM Mentor guidance that describes how to remove the vulnerability.
  • Browsing content to increase the skill level of the developers. TEAM Mentor libraries offer an effective overview of the currently available information security controls. As developers view this information, their overall understanding of application security controls increases.

Please take a look at our Quick Start Guide for quick tips on getting started.