Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organization secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit

HP WebInspect and F5 Integration

Do you know how long it takes your developers to fix a vulnerability in a web application? Even in a perfect world it could take days, or more likely, weeks to develop a fix for a vulnerability that was found in a production web application, push it through the QC department to make sure it doesn’t impact functionality, and then deploy it to production.  During those weeks the vulnerability is open to the world, waiting to be discovered and exploited.



HP Fortify and F5 Networks have partnered to help organizations defend web applications against these lingering threats.  Web applications remain a substantial source of security exploitations and are largely considered the single greatest target for attackers. The joint solution enables vulnerabilities identified by HP WebInspect to be quickly addressed through an F5 BIG-IP Application Security Manager (ASM) policy.  BIG IP ASM integrates with the HP WebInspect software and the Fortify on Demand cloud based solutions to automate policy configuration and provide the ability to protect against vulnerabilities fast. This plays directly into the HP Fortify theme Assess, Assure, Protect vision for software security.  The user's application remains protected and in compliance without interruption to business applications, allowing code to be fixed in an efficient manner without rushing it through the change management process.


HP’s application vulnerability scanning test results allows security teams to distribute actionable intelligence and remediation guidance and when combined with BIG-IP ASM, allows organizations to achieve dynamic security in compliance with a broad range of standards, including payment card industry (PCI).


Underneath File > Export in WebInspect choose "Protection Rules to Web Application Firewall..."


WAF Export button.png


WAF Export.png


By partnering with F5, we’ve created real value for our customers for in all stages of application development. Yet another way Fortify is delivering on our Assess, Assure, Protect vision.


F5 WI import.png


Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Showing results for 
Search instead for 
Do you mean 
About the Author

Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.