Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organizations secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit

Displaying articles for: January 2014

Games and Security



We love gaming at Fortify. We also love security. So we just launched a new project. The aim is to design a new OWASP project to help classify the diverse types of game hacks that exist for some of the world’s biggest game types. We are hoping this will benefit the game industry as a whole. The project aims to classify past problems in games, break down those flaws as much as possible (technically), and create a do-not-do list of flaws that new game companies (we love you QA engineers) can reference when creating new games. Read more about this alpha project.

Tags: Fortify | owasp

SecLists: A Security Tester's Companion

As security testers we always need good lists. Whether we're doing netpen, web assessments, or even forensics or static analysis--having a solid source of usernames, passwords, strings used for grep searches, etc. is critical.


SecLists is an OWASP project that consolidates all these lists into one place. It includes multiple types of lists, such as usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, URL lists, and many more…

Should mobile device info be considered private? Some apps are pulling this data.

Should your device information be considered private? Some companies are pulling this data and most users don't know this is happening. Let's take a look at the type of info that a real mobile app collects from your device.

Why WAFs and MDM are not Security Silver Bullets

Application security is tough to accomplish, and people often fall to the temptation to look for a silver bullet that solves the problem. Two of these potential “silver bullets” are the good old web application firewall (WAF) and the relatively new Mobile Device Management (MDM). Let’s take a look at these two products to see why they are not silver bullets and where they can fit as pieces of an application security program.

5 Reasons Jailbreaking Your Phone is a Bad Idea

As you may already know, the Evasi0n7 jailbreak for iOS7 was released during the holidays, and many scrambled to get it installed as soon as possible.


What many don’t know is how utterly bad jailbreaking is for your device. Let us count the ways…

About the Author(s)
HP Blog

HP Software Solutions Blog


The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.