Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organizations secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit

Displaying articles for: January 2014

Games and Security

We love gaming at Fortify. We also love security. So we just launched a new project. The aim is to design a new OWASP project to help classify the diverse types of game hacks that exist for some of the world’s biggest game types. We are hoping this will benefit the game industry as a whole. The project aims to classify past problems in games, break those flaws down as far as possible on a technical level, and create a do-not-do list of flaws that new game companies (we love you, QA engineers) can reference when creating new games. Read more about this alpha project.

SecLists: A Security Tester's Companion

As security testers we always need good lists. Whether we're doing netpen, web assessments, or even forensics or static analysis, having a solid source of usernames, passwords, strings used for grep searches, etc. is critical.

SecLists is an OWASP project that consolidates all these lists into one place. It includes multiple types of lists, such as usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, URL lists, and many more…

Should mobile device info be considered private? Some apps are pulling this data.

Should your device information be considered private? Some companies are pulling this data, and most users don't know this is happening. Let's take a look at the type of info that a real mobile app collects from your device.

Why WAFs and MDM are not Security Silver Bullets

Application security is tough to accomplish, and people often give in to the temptation to look for a silver bullet that solves the problem. Two of these potential "silver bullets" are the good old web application firewall (WAF) and the relatively new Mobile Device Management (MDM). Let's take a look at these two products to see why they are not silver bullets and where they can fit as pieces of an application security program.

About the Author(s)
  • Abhishek Rath is a Security Consultant with Fortify on Demand based out of New York City, New York. His areas of expertise are application security testing, risk management and building application security programs for the Global and Fortune 100. He can be reached at
  • Adam Cazzolla is a Sr. Security Consultant with HP Fortify on Demand.
  • hacker, developer, script junkie [python,ruby,php]
  • Hacks for a living.
  • Jason Johnson is a Sr. Security Consultant with HP Fortify on Demand.
  • I have a passion for security and endeavor to participate in strong security defenses.
  • Lucas Gates is an Advanced Dynamic Tester with the Fortify On Demand team who enjoys responsible hacking.
  • US Army veteran. IT and infoSec professional since 1994. Founder of HouSecCon. aka m1a1vet
  • Rick Dunnam is an IS security professional with 15+ years of experience in Enterprise Security and has consulted for many industry verticals: Banking, CPG, Healthcare, Government, Hospitality, and more.
  • Sam Denard is a Senior Security Engineer with HP Enterprise Security.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.