Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organizations secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit

User Enumeration: Too Much Information


Over the years, the state of application security and the awareness of application vulnerabilities have gradually improved. Developers are increasingly aware of common pitfalls, and certain kinds of vulnerabilities are becoming less common. Despite that, there are still some basic application vulnerabilities that remain very common even long after being discovered and written about. One of those is User Enumeration.

Labels: Fortify

Securing our homes with outbound DNS Filtering

Recently, a study was released reporting that 70 percent of Internet of Things devices are vulnerable to attack. As a security professional, and a parent, this made me think about the network security in my home. Let's explore one layer of security in this battle.


Labels: Fortify

iCloud Security: How do we get from here to there?

Recently, news about the leak of several celebrity photos of a compromising nature has A-listers and followers alike abuzz. Many of the celebs involved have claimed the photos are faked and some, like Mary E. Winstead, have stated that the images were taken and deleted years ago. This suggests her pictures were either stored in the cloud (e.g., iCloud storage), or were grabbed at the time.

Labels: Fortify

How Safe is Your Data in the Cloud?

The age-old debate for cloud storage comes down to one very real question, "Is your data safe?"


Recently, "Team DoulCi," a Dutch-Moroccan team of hackers, claimed to have compromised a protective feature on Apple's iCloud system in a way that could allow an attacker to remove security measures on lost or stolen iPhone devices.

Labels: Fortify

Modern Web Hacking – Accessing Data through Insecure Direct References

In times past, traditional web application security vulnerabilities were everywhere. Today, it is very common to come across SQL injection and Cross-Site Scripting in older applications. Those vulnerabilities are commonly attributed to poor input validation and poorly formed SQL queries. In my experience, modern development frameworks have contributed to greatly reducing the number of traditional web application issues. So what should a modern hacker do?

Labels: Fortify

HP Fortify #Security Team judges Annual #ScriptEdHackathon

Back in November during AppSec USA, HP made a donation to a cool "kids and code" non-profit, ScriptEd in New York City. This month, part of our team is back in the Big Apple for their annual Hackathon.

About the Author(s)
HP Blog

HP Software Solutions Blog


The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.