Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organization secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit

Two-Factor Authentication – Are Two Factors Better Than One?



Two-Factor Authentication adds an extra layer security to the authentication process by requiring more than just a password. This article will discuss what exactly this control is and why you should care.

A New Look at Security - Pin Codes

A new look at Security

I see a lot of posts and information come across from various sources talking about new and exciting hacks or vulnerabilities that were discovered and what they mean to other security professionals. But what about those that are not full time security testers? I have been on plenty of calls with customers where the engineers, security managers and sales people on calls have no reference for what is being discussed. It is all too high-level.

So why not make security simple? I have been in a security mindset for most of my life, but information security or info-sec for short has really been a new experience for me, and I am sure for a lot of other people out there as well.

Tags: Pin Codes
Labels: 2014| authentication

Authenticated application security tests vs. unauthenticated



It’s generally true that unauthenticated tests are faster and cheaper than authenticated scans but are they really giving a complete picture of an application's security posture?

The Secure Web Series, Part 2: How to Avoid User Account Harvesting

Screen Shot 2014-02-23 at 8.50.33 PM.pngWelcome to the second post in a series on how to avoid common web application vulnerabilities, called The Secure Web Series.

In this series of posts I’ll be exploring some of the most common vulnerabilities we see in our testing practice here at Fortify on Demand. The focus of the series will be on vulnerabilities that aren’t easily identified via automation, as these are harder to find using readily available tools and many testing offerings tend to miss them during assessments.
In the first post of the series we talked about Building a Secure Password Reset Mechanism, and in this installment we will cover Account Harvesting
Showing results for 
Search instead for 
Do you mean 
About the Author(s)
HP Blog

HP Software Solutions Blog


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.