Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organizations secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit

HP Application Defender extends capabilities

HP Application Defender launches additional capabilities including protection for .NET applications, robust reporting capabilities, and online try and buy ability.  


Labels: Fortify

November in Application Security

We're over the hump in terms of the calendar year, but for HP it's the beginning of our first quarter, fiscal year 2015. November is traditionally a month to spend time with family, though you might find a few events and webinars that will help you get a start on your security planning for 2015.

Labels: appsec| Fortify

Application Security...In an ideal scenario


As the software world just adopts new technology without thinking much about security, we need to start working towards creating a culture of accelerated security evolution with transparency.

Labels: Fortify

WebInspect Web Proxy Attack String Obfuscation Automation

See how the HP WebInspect Web Proxy application tool can be a useful feature for obfuscation of attack strings with various types of character set encodings to help bypass Web Application Firewalls (WAF).

User Enumeration: Too Much Information


Over the years, the state of application security and the awareness of application vulnerabilities has gradually improved. Developers are increasingly aware of common pitfalls and certain kinds of vulnerabilities are becoming less common. Despite that, there are still some basic application vulnerabilities which remain very common even long after being discovered and written about. One of those is User Enumeration.

Labels: Fortify

Securing our homes with outbound DNS Filtering

Recently, there was a study released stating that 70 Percent of Internet of Things Devices are vulnerable to attack. As a security professional, and a parent, this made me think about the network security in my home. Let's explore one layer of security in this battle.


Labels: Fortify

HP Fortify Software Security Center and Static Code Analyzer 4.2 available now

The HP Fortify team is happy to release Fortify Software Security Center and Fortify Static Code Analyzer 4.2 

This release cycle continues our focus on productivity and helping AppSec teams get more from their testing programs.


Current customers can download upgrades at:


Let us know what you think and keep the feedback coming --

Labels: Fortify| release| SCA| SSC

October in Application Security

On the heels of what was our busiest month this year, October is no less busy and it nearly got away from me. In fact, it just happens to be Cyber Security Awareness month.

iCloud Security: How do we get from here to there?

Recently, news about the leak of several celebrity photos of a compromising nature has A-listers and followers alike abuzz. Many of the celebs involved have claimed the photos are faked and some, like Mary E. Winstead, have stated that the images were taken and deleted years ago. This suggests her pictures were either stored in the cloud (e.g., iCloud storage), or were grabbed at the time.

Labels: Fortify

AppSec USA is this Week in Denver!

One of our favorite application security events is upon us. It seems like it was just yesterday that we were in NYC for AppSec 2013, which makes sense since it hasn't been a full year.

Labels: Fortify

Simplicity for application security—HP Application Defender

HP introduces HP Application Defender, the first application self-protection service managed from the cloud that provides immediate visibility and actively defends production applications against attacks. 

Cover your apps: How application security protects your enterprise

HP Protect is right around the corner! Watch this informative video where Paul Muller and Jacob West discuss how to cover your apps!

Labels: Fortify

Header security – The new novelette

Do you want to provide extra layers of protection for your website users without a great deal of investment? With some simple HTTP header configurations, your website can boost the defense against injection attacks, SSL enforcement issues, information aggregation, and more.

5 trends in the future of software security

Software security—over the past decade, we’ve seen a lot of changes. At HP Protect, we'll be looking forward and discussing the 5 trends that you can expect to see in the future of software security.

Sacrificing application security to meet demands? Not with HP Fortify!

HP Protect is coming up fast, and there’s so much to take in while you’re there. Surrounded by the best in security, you’ll want to make time to attend a few HP Fortify demos. Remember: There's no need to sacrifice your application security when you've got HP Fortify in your corner!

Building an Application Security Program – Part 2

This is the second in the series of 4 posts. In this series, we are discussing the recipe to build and implement an effective application security program. The first step of an organization’s application security journey should be “Assess”, i.e. Assessment.


Labels: Fortify

Is the ‘Iron Dome’ doomed?

If we let down our guard, the bad guys will take our stuff. Don't make it easy for others to get through your defenses. Stay educated. Stay aware. And by all means, don't click that link!

Labels: Fortify

HP Study Reveals 70 Percent of Internet of Things Devices Vulnerable to Attack

HP Fortify on Demand is pleased to announce the release of its Internet of Things State of the Union Report revealing 70 percent of the most commonly used Internet of Things (IoT) devices contain serious vulnerabilities.


10 devices were tested in various categories, including TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers…



Labels: Fortify

HP Protect sessions--Expanding the horizons of dynamic scanning

At this year’s HP Protect conference in Washington DC, I will be co-presenting 2 separate talks, one about the WebInspect API and another about HP Fortify and Continuous Monitoring. Read this blog post for more information.


Labels: Fortify

Building an Application Security Program – Part 1

When we are talking about introducing ‘secure development lifecycle’ at an enterprise level, we are looking at investment from the management; and whenever there is an investment there are expectations. This first blog post (in the series of 3) describes what these expectations are and how an application security program can be built and implemented to meet these expectations.

Labels: Fortify

Dynamic protection with HP TippingPoint and HP Fortify

What happens between the time you discover an app vulnerability and the time you can actually fix it? If you’re an HP TippingPoint or Fortify customer—don’t worry about it—we’ve got you covered.

Making the Case for Application Security Testing

Running into the seemingly never-ending struggle to get some priority in your organization for application security testing? Consider the following thoughts which may aid your cause.

Looking Out and Looking In

Are you testing your internal applications for vulnerabilities? You really should be.

How Safe is Your Data in the Cloud?

The age-old debate for cloud storage comes down to one very real question, "Is your data safe?"


Recently, "Team DoulCi," a Dutch-Moroccan team of hackers, claimed to have compromised a protective feature on Apple's iCloud system, which could allow an attacker to remove security measures on lost or stolen iPhone devices.

Labels: Fortify

Modern Web Hacking – Accessing Data through Insecure Direct References

In times past, traditional web application security vulnerabilities were everywhere. Today, it is very common to come across SQL injection and Cross-Site Scripting in older applications. Those vulnerabilities are commonly attributed to poor input validation and poorly formed SQL queries. In my experience, modern development frameworks have contributed to greatly reducing the number of traditional web application issues. So what should a modern hacker do?

Labels: Fortify
About the Author(s)
  • Abhishek Rath is a Security Consultant with Fortify on Demand based out of New York City, New York. His areas of expertise are application security testing, risk management and building application security programs for the Global and Fortune 100. He can be reached at
  • Adam Cazzolla is a Sr. Security Consultant with HP Fortify on Demand.
  • hacker, developer, script junkie [python,ruby,php]
  • Jason Johnson is a Sr. Security Consultant with HP Fortify on Demand.
  • I have a passion for security and endeavor to participate in strong security defenses.
  • Lucas Gates is an Advanced Dynamic Tester with the Fortify On Demand team who enjoys responsible hacking.
  • US Army veteran. IT and infoSec professional since 1994. Founder of HouSecCon. aka m1a1vet
  • Rick Dunnam is an IS security professional with 15+ years experience in Enterprise Security and has consulted for many industry verticals: Banking, CPG, Healthcare, Government, Hospitality, and more
  • Sam Denard is a Senior Security Engineer with HP Enterprise Security.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.