Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organizations secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit www.hp.com/go/fortify.

Two-Factor Authentication – Are Two Factors Better Than One?


Two-Factor Authentication adds an extra layer of security to the authentication process by requiring more than just a password. This article will discuss what exactly this control is and why you should care.

A New Look at Security - Pin Codes

A new look at Security

I see a lot of posts and information come across from various sources talking about new and exciting hacks or vulnerabilities that were discovered and what they mean to other security professionals. But what about those that are not full-time security testers? I have been on plenty of calls with customers where the engineers, security managers and sales people on calls have no reference for what is being discussed. It is all too high-level.

So why not make security simple? I have been in a security mindset for most of my life, but information security, or info-sec for short, has really been a new experience for me, and I am sure for a lot of other people out there as well.

Tags: Pin Codes
Labels: 2014| authentication

Authenticated application security tests vs. unauthenticated


It’s generally true that unauthenticated tests are faster and cheaper than authenticated scans, but are they really giving a complete picture of an application's security posture?

The Secure Web Series, Part 2: How to Avoid User Account Harvesting

Welcome to the second post in a series on how to avoid common web application vulnerabilities, called The Secure Web Series.

 
In this series of posts I’ll be exploring some of the most common vulnerabilities we see in our testing practice here at Fortify on Demand. The focus of the series will be on vulnerabilities that aren’t easily identified via automation, as these are harder to find using readily available tools and many testing offerings tend to miss them during assessments.
 
In the first post of the series we talked about Building a Secure Password Reset Mechanism, and in this installment we will cover Account Harvesting
About the Author(s)
  • Abhishek Rath is a Security Consultant with Fortify on Demand based out of New York City, New York. His areas of expertise are application security testing, risk management and building application security programs for the Global and Fortune 100. He can be reached at Abhishek.Rath@hp.com
  • Adam Cazzolla is a Sr. Security Consultant with HP Fortify on Demand.
  • http://www.danielmiessler.com/about
  • hacker, developer, script junkie [python,ruby,php]
  • Hacks for a living.
  • Jason Johnson is a Sr. Security Consultant with HP Fortify on Demand.
  • I have a passion for security and endeavor to participate in strong security defenses.
  • Lucas Gates is an Advanced Dynamic Tester with the Fortify On Demand team who enjoys responsible hacking.
  • US Army veteran. IT and infoSec professional since 1994. Founder of HouSecCon. aka m1a1vet
  • Rick Dunnam is an IS security professional with 15+ years experience in Enterprise Security and has consulted for many industry verticals: Banking, CPG, Healthcare, Government, Hospitality, and more
  • Sam Denard is a Senior Security Engineer with HP Enterprise Security.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.