As software development accelerates and threat landscapes evolve, application security testing must keep pace. OpenText™ Application Security Testing (Fortify) 25.2 marks a major milestone in our mission to deliver intelligent, developer-centric security that scales across modern SDLCs. This release brings significant enhancements across static and dynamic application security testing, enriched AI capabilities, and expanded ecosystem integrations—all designed to help you secure applications without slowing down innovation.
Here’s what’s new and notable in OpenText Application Security Testing 25.2.
Smarter SAST: New AI-powered capabilities
OpenText Application Security Aviator expansion
Now broadly available to all OpenText SAST customers (on-prem and SaaS), OpenText Application Security Aviator uses LLMs to review static findings with high accuracy, explain issues in plain English, and suggest precise remediation—often in copy-pastable code. It’s a dramatic step forward in audit efficiency and reduction of false positives (FP).
AI/ML detection enhancements
The 25.2 release incorporates detection improvements to secure the AI/ML development ecosystem itself. Notably, we’ve added support for Python AutoGen (v0.4.x)—an emerging framework for AI agents. OpenText now detects misuse and trust issues specific to agentic workflows that may introduce security gaps in LLM-powered systems.
DAST: Expanded language & workflow support
SecureBase enhancements
DAST’s engine (SecureBase) has been updated with improved detection of modern web app vulnerabilities. Enhancements include smarter input validation checks and better coverage for Single Page Applications (SPAs).
Workflow-driven scanning improvements
ScanCentral DAST now offers enhanced support for authenticated scanning and improved handling of complex web application flows, utilizing event-based macros and API scan optimizations.
Seamless DevSecOps integration
Enhanced FCLI and automation options
For Application Security Aviator and ScanCentral users, CLI and container-based workflows have been improved for easier deployment and scripting across DevOps pipelines.
Infrastructure enhancements: SHA-256 support in LIM
The OpenText License and Infrastructure Manager now supports SHA-256, ensuring secure offline activations and broader crypto compliance for regulated environments.
Unified experience and content coverage
Vulnerability coverage grows to 1,495 categories
With 33+ programming languages and over one million APIs covered, OpenText continues to lead in depth and breadth of detection across both legacy and modern application stacks.
Consolidated documentation and product naming
As part of our rebrand under OpenText, we’ve unified our documentation and streamlined naming conventions to reflect OpenText Application Security Testing’s (Fortify) integration into the broader OpenText Application Security portfolio.
Developer-centric security
Secure Code Warrior integration
25.2 deepens the integration with Secure Code Warrior to provide contextual learning based on real SAST results, helping developers fix vulnerabilities faster and learn secure coding habits in the flow of work.
Final thoughts
OpenText Application Security Testing 25.2 continues the momentum toward intelligent, developer-friendly AppSec. It’s why we’re consistently recognized as a Customers’ Choice for Application Security Testing. Whether you’re building cloud-native apps, deploying AI agents, or scaling security across a hybrid enterprise, this release offers the tools and intelligence needed to do it securely—and faster.
Explore the full release notes and documentation here.
