Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organizations secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit

Owning SQLi vulnerability with SQLmap

Injection flaws, often found in legacy code, are the #1 security risk on the OWASP Top 10. SQLi (or SQL Injection) is an injection flaw attack method defined as "insertion or 'injection' of a SQL query via the input data from the client to the application".

This blog aims to give you the nuts and bolts of using SQLmap, teach basic techniques for properly evaluating SQL injections, and help you understand some SQL attack methods.


Posted on behalf of Medz Barao, Fortify on Demand Security Team.

WebInspect Web Proxy Attack String Obfuscation Automation

See how the HP WebInspect Web Proxy tool can be useful for obfuscating attack strings with various types of character set encodings to help bypass Web Application Firewalls (WAF).

Authenticated application security tests vs. unauthenticated



It’s generally true that unauthenticated tests are faster and cheaper than authenticated scans, but are they really giving a complete picture of an application's security posture?

September in Application Security

There couldn't be a busier month for Application Security and the HP Fortify team.

Header security – The new novelette

Do you want to provide extra layers of protection for your website users without a great deal of investment? With some simple HTTP header configurations, your website can boost the defense against injection attacks, SSL enforcement issues, information aggregation, and more.

5 trends in the future of software security

Software security—over the past decade, we’ve seen a lot of changes. At HP Protect, we'll be looking forward and discussing the 5 trends that you can expect to see in the future of software security.

Sacrificing application security to meet demands? Not with HP Fortify!

HP Protect is coming up fast, and there’s so much to take in while you’re there. Surrounded by the best in security, you’ll want to make time to attend a few HP Fortify demos. Remember: There's no need to sacrifice your application security when you've got HP Fortify in your corner!

Making the Case for Application Security Testing

Running into the seemingly never-ending struggle to get some priority in your organization for application security testing? Consider the following thoughts, which may aid your cause.

Looking Out and Looking In

Are you testing your internal applications for vulnerabilities? You really should be.

The Slow Death of Manual Testing

We’ve seen the future and the future is a bit more about an alarming trend in the assessment and security consulting industry.


File Inclusion – The Underdog of Security Vulnerabilities


Not seen on OWASP's Top Ten since before 2010, that means file inclusion vulnerabilities don't exist anymore, right?

HP Fortify security solutions at HP Discover 2014

At HP Discover, we offer hands-on activities for all attendees. Read more about session TNG3405, Fortify Security Solutions, in this post.

How ShadowLabs empowers Fortify


After attending Defcon this year and talking with others in the industry, I realized that I need to let you in on our group here at Fortify On Demand.

Continue reading to learn more about ShadowLabs and how you can join our advanced testing team.

Defend your mobile applications in a mobile society

Have you noticed the shift in our society? It is not uncommon for everyone to be on their mobile devices at all times. The prevalence of these devices has created additional security threats for individuals and organizations alike. Continue reading to find out steps you can take today to better protect yourself and your organization.

Introducing Fortify On Demand

Welcome to the HP Fortify On Demand blog! In our first inaugural article we will introduce the latest offering from HP Fortify On Demand at

About the Author(s)
HP Blog

HP Software Solutions Blog


The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.