Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organizations secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit www.hp.com/go/fortify.

Displaying articles for: February 2014

Open Source Security is the focus for Fortify/Sonatype Integration

Organizations want visibility into both the security vulnerabilities that exist in their application code and the known security and license vulnerabilities in open source components used within their applications. A just-released integration of open source analysis within Fortify on Demand gives users that visibility.

The Secure Web Series, Part 2: How to Avoid User Account Harvesting

Welcome to the second post in a series on how to avoid common web application vulnerabilities, called The Secure Web Series.

 
In this series of posts I’ll be exploring some of the most common vulnerabilities we see in our testing practice here at Fortify on Demand. The focus of the series will be on vulnerabilities that aren’t easily identified via automation, as these are harder to find using readily available tools and many testing offerings tend to miss them during assessments.
 
In the first post of the series we talked about Building a Secure Password Reset Mechanism, and in this installment we will cover Account Harvesting.

Is it love, or your sensitive data, in the air this Valentine’s Day?

 


 

Users of popular dating apps may find love easier, but are they giving away sensitive information to get it?

The Secure Web Series, Part 1: Securing Your Password Reset Mechanism

Welcome to a new series on how to avoid common web application vulnerabilities, called The Secure Web Series.

 
In this series of posts I’ll be exploring some of the most common vulnerabilities we see in our testing practice here at Fortify on Demand. The focus of the series will be on vulnerabilities that aren’t easily identified via automation, as these are harder to find using readily available tools and many testing offerings tend to miss them during assessments.
 
In this first installment, we'll be talking about vulnerabilities in the Password Reset Mechanism.

Application Security SaaS Vendors: Why Fortify on Demand is the right choice

On a daily basis I get asked by prospects why they should choose Fortify on Demand (FoD) over other Application Security SaaS vendors. Over the next few months I intend to answer those questions and bring clarity as to why FoD is highly unique in the marketplace and experiencing remarkable growth.

Your Compliance Auditor Needs Access – Choose Your Security Tools Wisely


Do you like running reports over and over again when your compliance auditor comes to call? Or would you rather sit your auditor in front of a screen with all the access to data that he needs, then walk off and get your job done? If it's the former, stop reading because you have some issues that we probably can't fix. If it is the latter, then read on for some ideas.

About the Author(s)
  • Abhishek Rath is a Security Consultant with Fortify on Demand based out of New York City, New York. His areas of expertise are application security testing, risk management and building application security programs for the Global and Fortune 100. He can be reached at Abhishek.Rath@hp.com.
  • Adam Cazzolla is a Sr. Security Consultant with HP Fortify on Demand.
  • http://www.danielmiessler.com/about
  • hacker, developer, script junkie [python,ruby,php]
  • Jason Johnson is a Sr. Security Consultant with HP Fortify on Demand.
  • I have a passion for security and endeavor to participate in strong security defenses.
  • Lucas Gates is an Advanced Dynamic Tester with the Fortify On Demand team who enjoys responsible hacking.
  • US Army veteran. IT and infoSec professional since 1994. Founder of HouSecCon. aka m1a1vet
  • Rick Dunnam is an IS security professional with 15+ years of experience in Enterprise Security and has consulted for many industry verticals: Banking, CPG, Healthcare, Government, Hospitality, and more.
  • Sam Denard is a Senior Security Engineer with HP Enterprise Security.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.