Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organizations secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit

The State of IoT Security (2015)


I just returned from IoT World 2015, which is held at Moscone Center in San Francisco. It's a decent-sized event with a good spread of vendors, speakers, and panels.


What I'd like to do here is give some analysis of what the most common IoT conversations seem to be, where the vendors are playing, and what the security landscape looks like.



Tags: IoT| IoT Security

IoT is the Frankenbeast of Information Security

It seems that every time we introduce a new space in IT we lose 10 years from our collective security knowledge.


We started with network security, and even that isn't solid yet. But 20 years later we're doing pretty well there.


Then around 10 years ago we started talking about applications being the horizon technology, and we proceeded to build a global application portfolio ignoring the security lessons learned from the network world. 


Then, five years ago, we decided that mobile was the real place to be. So everyone started building mobile apps while ignoring everything we've learned from securing web and thick-client applications.


And now we have the Internet of Things (IoT). If we continued in this trend we'd have a new space that ignores the security lessons from mobile, but it's actually much worse than that.

Introducing the OWASP Internet of Things Top 10

We're highly enthused to announce the initial (draft) version of the OWASP Internet of Things Top 10 project.


This project highlights ten key areas of risk for Internet of Things devices that span multiple attack surface areas.


HP Fortify on Demand has just completed a research project using this project as the basis for its testing methodology. Expect to hear about findings from this very soon.

Tags: appsec| infosec| IoT

HP Security and The Internet of Things


The Internet of Things is…well, many things. It's a combination of reality and hype, peril and promise, present and future. Gartner says that by the year 2020 there will be 30 billion Internet of Things devices, and the current technology market is brimming with competitors in this space.


In this short article we'll walk through what the Internet of Things is and isn't, talk about some of its security and privacy implications, and introduce a few initiatives HP Fortify on Demand is working on in this exciting and developing area.




The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.