Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organization secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit

Certificate Pinning for Mobile Applications


Here at Fortify on Demand, one of the most common surprises for customers when they see their results from one of our Mobile Application Assessments is that we were able to view and modify all traffic passing between their mobile device and their mobile backend—commonly called a Man in the Middle (MiTM) attack.


Certificate Pinning is a solution that many implement to counter this, but there is a general lack of understanding around thetechnique. Many think (incorrectly) that it's a silver bullet for traffic interception and aren't aware of the potential downsides.


This article will give an overview of mobile certificate pinning and will cover basics, misconceptions, implementation, gotchas, and generally get you up to speed on the topic.

2 Reasons iOS is More Secure Than Android



When I tell people I test the security of mobile applications one of the most common questions people ask is, "Which platform is more secure: Android or iOS?"


There are many ways to answer this, but each of them have their issues. You can look at malware stats, you can look at marketshare, you can look at lists of vulnerabilities. But at some point you're comparing apples and...well, not apples.


There are always other factors, one of which being the user bases. Are people buying the cheapest phones available making the same security choices as those buying the more expensive and popular options? And if not, then aren't we then dealing with poor security choices instead of an insecure platform?


Two Points 


This all being true, there are two reasons iOS will continue to be the more secure platform going forward. Not only will it be more secure, but its position as security lead will actually grow.

Labels: Android| iOS| mobile| security
Showing results for 
Search instead for 
Do you mean 
About the Author(s)
Top Kudoed Posts
HP Blog

HP Software Solutions Blog


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.