Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organization secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit www.hp.com/go/fortify

Displaying articles for: September 2013

Mobile Security: Threat Modeling Apple's TouchID

Screen Shot 2013-09-24 at 10.32.11 AM.png

 

There are three main ways that mobile devices are attacked. With TouchID, Apple is trying to increase mobile device security and protect your device from attacks. 

 

But is it really effective? Keep reading to hear my thoughts on this technology and what it means for InfoSec.  

 

Tags: 5s| apple| iphone| TouchID

Account Harvesting: The Fail Trifecta of Web Application Vulnerabilities

trifecta.jpgAt our testing practice here at Fortify on Demand we test a lot of web applications. We get them both as standalone web apps, and we get them as backends to mobile applications. During the course of this work we (too) often come across a serious issue that we refer to as Account Harvesting.

 

I call it a vulnerability, but really it’s really an uber-vuln—a brutal combination of three separate issues that are cause for significant concern when present simultaneously on the same app. It’s the fail trifecta of authentication security...

Announcing HP ArcSight Application View-protect your applications

Arcsight application view.pngWith the evolution of threats targeting applications as the weakest link in the security

ecosystem, it’s becoming more and more difficult to keep your information safeguarded. See how HP ArcSight Application View can help

Search
About the Author(s)
  • Adam Cazzolla is a Sr. Security Consultant with HP Fortify on Demand.
  • http://www.danielmiessler.com/about
  • hacker, developer, script junkie [python,ruby,php]
  • Jason Johnson is a Sr. Security Consultant with HP Fortify on Demand.
  • I have a passion for security and endeavor to participate in strong security defenses.
  • Lucas Gates is an Advanced Dynamic Tester with the Fortify On Demand team who enjoys responsible hacking.
  • US Army veteran. IT and infoSec professional since 1994. Founder of HouSecCon. aka m1a1vet
  • Rick Dunnam is an IS security professional with 15+ years experience in Enterprise Security and has consulted for many industry verticals: Banking, CPG, Healthcare, Government, Hospitality, and more
  • Sam Denard is a Senior Security Engineer with HP Enterprise Security.
Follow Us


HP Blog

HP Software Solutions Blog

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation