Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organizations secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit www.hp.com/go/fortify

Identify relevant static scan findings faster through HP Fortify's scan analytics

HP Fortify scan analytics enables machine-learning assisted auditing of security scan findings to get relevant vulnerabilities prioritized for remediation faster.

3 Reasons to be at HP Protect this week

This week is arguably the biggest week for Enterprise Security Products and HP Software. We all make our way to our nation's capital and convene with like-minded security professionals, partners and customers, to discuss how we can safeguard our businesses and our data.

Labels: Security events

Continuous monitoring—A hacker’s view of your internet security posture

Software security assurance takes a village. At HP Protect, our Software Security track offers a breadth of sessions that will explore everything from organizational and operational efficiencies to new ways of leveraging technologies to get more done, faster.

Labels: Security events

HP Fortify: The Undisputed Leader in 2015 Gartner Magic Quadrant

For 11 years and counting, HP Fortify has been a leader in the Gartner Application Security Testing Magic Quadrant. This year is no different, except that the playing field has gotten larger in the Application Security market and HP Fortify has taken an even greater lead.

What if you cannot remove the vulnerabilities you find?

You may have the best App Sec program in the world, but if you cannot remove the vulnerabilities you find because you can’t secure the third-party code, then you remain at risk. The SANS Institute quantifies the problem. RASP can help you protect vulnerabilities by serving as a virtual patch.

Back to Basics: 7 habits of a successful SSA program

A Software Security Assurance (SSA) program, done right, can reduce risk for your organization. Here are 7 habits of successful organizations that have been uncovered over the years by our SSA experts. You can use these gems to make your program even more successful.

HP Fortify finds 100% of tested smartwatches contain significant security vulns

HP Fortify finds 100 percent of tested smartwatches exhibit security flaws; provides guidance for secure device use. Get the link to the full report in this post.

Anatomy of a Puppy Scam

Every day, we hear about huge corporate scams; those where adversaries are able to stealthily drain private information and large amounts of money from unsuspecting companies. And every day, people think, "That would never happen to me." But scams happen everywhere, and on every level. My wife and I were looking into purchasing a new puppy for our family. During this process, we were introduced to the world of "Puppy Scams." In this blog post, see how the popular internet puppy scam works. People are getting scammed out of hundreds of dollars for cute puppies that are never delivered.

Application Self-protection Fav 5 on Friday July 17, 2015

Five of my favorite security articles for this fabulous Friday, July 17. Catch some of these real-time on LinkedIn or Twitter.

These are publicly available articles that are provided as a news service only. The intent of this blog post is to share current events related to application security.

Using Open Source? Get the Whole Picture on Security

Is your organization leveraging Open Source? Most are. Does your Security and Risk Assessment address your exposure due to open source? Make sure you are getting the whole picture.

Foundations of an AppSec Program: Part 5--The trim

Post 5 in a series that discusses the foundations of a good application security program. Some topics that are covered are: philosophy, knowing your assets, key components in the SDLC, testing strategies, reporting, and auditing. Your feedback is always welcome.

Apple Pay Security Breach?

Apple’s new Apple Pay has been in the news lately and not for reasons that Apple would welcome. There has been a reported increase in fraud surrounding Apple Pay, but is Apple really to blame?

Tags: apple pay| mobile

Have you heard the buzz about Runtime Application Self-protection?

Our friends at Prevoty have been doing a good job making a lot of noise about runtime application self-protection (RASP).  But did you know HP has offered runtime protection since 2008?  (Ok, we like stealth marketing, what can I say.) 

Application self-protection

Foundations of an AppSec Program: Part 4--Turning on the power

Post 4 in a series that discusses the foundations of a good application security program. Some topics that are covered are: philosophy, knowing your assets, key components in the SDLC, testing strategies, reporting, and auditing. Your feedback is always welcome.

What You Need to Know About the Logjam Vulnerability

There's a new encryption vulnerability called Logjam that's currently getting some attention.

Similar to the FREAK SSL vulnerability, it has to do with using encryption algorithms that have been deprecated, but the details are slightly different in this case.

Here are a few things you should know about the issue and what you should do about it.

You're Invited to a Software Security Assurance Summit!

Please be our guest at one of 7 events in an upcoming Software Security Assurance Summit Series put on by T.E.N. and sponsored by HP Enterprise Security.

Foundations of an AppSec Program: Part 3--Key phases of the SDLC

Post 3 in a series that discusses the foundations of a good application security program. Some topics that are covered are: philosophy, knowing your assets, key components in the SDLC, testing strategies, reporting, and auditing. Your feedback is always welcome.

The State of IoT Security (2015)

I just returned from IoT World 2015, which is held at Moscone Center in San Francisco. It's a decent sized event with a good spread of vendors, speakers, and panels.

What I'd like to do here is give some analysis of what the most common IoT conversations seem to be, where the vendors are playing, and what the security landscape looks like.

...

HP Security Strategists get down in the dirt when it comes to security

Often, HP experts are asked to weigh in on a wide array of security topics, on a variety of platforms. For thought leadership at its best, we recommend you visit the Enterprise CIO Forum, where we feature truly outstanding work by a group of former CISOs and executive security practitioners within HP who help develop our security strategies. After all: the best information is real-world information.

I'm energized after my RSA booth duty!

I just spent a week at the RSA conference. Yes, I am tired. But guess what… I’m also energized. Why? Because I got to do booth duty all week. Yep, you heard me right. I enjoyed booth duty at RSA!

Labels: Security events

Announcing ShadowOS

Announcing ShadowOS, a free mobile application testing tool from Fortify on Demand. ShadowOS helps your security and QA teams find vulnerabilities in Android applications early in your testing process.

When does it make sense to use application self-protection and HP Application Defender?

There are several circumstances that scream for application self-protection:

  • You lack access to the code of critical applications
  • Your security scan just found 100+ app vulnerabilities
  • Your vendor told you a patch will be ready in 3 months
  • You have no idea what vulnerabilities you have
  • Your application has been breached and you need protection quick – before an audit

Let’s look at these a little closer.

WebInspect Enterprise 10.40 Release - available NOW!

HP Fortify and the WebInspect Dynamic Application Security Testing (DAST) team are proud to announce the release of WebInspect 10.40.  Current customers can upgrade their WebInspect Enterprise sensors to version 10.40 using the SmartUpdate utility. Customers may also download the latest release from the My Software Updates portal.

Let me, TheAppDefender, protect your software’s security vulnerabilities

You have vulnerabilities in your production applications.  You may say, “no, not me”, but statistics show that you probably do.


Read on to see what these mean...

HP WebInspect 10.40 Available Now!

The HP WebInspect (DAST) team has been working diligently on the latest enhancements to the software and the product is finally ready for release. HP Fortify and the WebInspect team are proud to announce the release of WebInspect 10.40. Current customers can upgrade their installation to version 10.40 using the SmartUpdate utility. Additionally, customers can download the latest release from the My Software Updates portal.

Meet The App Defender

Application Security is hard - but it doesn't have to be. Meet the App Defender! Come to the HP booth on Tuesday at 11:40 to learn about this new kind of defense. And follow The App Defender on Facebook for the latest news.

Secure the code that runs your business--Join HP at SAP SAPPHIRE NOW 2015

Join HP at SAP SAPPHIRE NOW 2015 in Orlando, Florida, May 5-7! We will be presenting, “Secure the code that runs your business,” on Thursday, May 7th at 3pm in Center Demo Theatre PS605.

Labels: Security events
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.