Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organizations secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit

Validating SQL injection security findings with WebInspect’s SQL Injector tool

In the process of application security testing, vulnerability scanning tools like HP WebInspect will report that they’ve found a SQL injection vulnerability. Because scanners sometimes report this type of finding as a false positive, it is important to validate the finding.

Tags: Fortify

How HP is making it matter when it comes to cybersecurity

See how HP’s next-generation security solutions are helping 10,000+ companies stay safe from cyberattacks and other security threats.

Labels: HP| security

HP Security and The Internet of Things


The Internet of Things is…well, many things. It's a combination of reality and hype, peril and promise, present and future. Gartner says that by the year 2020 there will be 30 billion Internet of Things devices, and the current technology market is brimming with competitors in this space.


In this short article we'll walk through what the Internet of Things is and isn't, talk about some of its security and privacy implications, and introduce a few initiatives HP Fortify on Demand is working on in this exciting and developing area.




Looking back on a decade of Fortify

It’s been 11 years since I founded Fortify, and I’m still at it. But, it’s fun to look back and see just how far we’ve come…and even more fun to see where we’re headed.

Labels: HP| security

Ethical hacking: is there a benefit when it comes to security?

Ethical, or legal, hacking is in the news every day. Is this really a saving grace for cybersecurity?

Labels: HP| security

10 ways your mobile phone leaks your sensitive information

We all use mobile phones, but few of us are aware of how careless they can be with our information.


It's not really the phones by themselves, though. It's the applications and how they interact with the operating system.


This article will walk through a few of the common dangers to your data security and privacy that come from poorly coded mobile applications.

HP Security and CSC team up to announce AppSec on Demand

Cyber threats are on the rise and are growing in complexity. Read on to see how organizations can cut down on operational expenses while maintaining an aggressive security posture.

Labels: HP| security

3 things you can do today to improve the security of your web or mobile application

Have you been thinking about taking steps to make sure your company isn't the next security breach headline? All the major software companies agree…it is better to do anything at all than do nothing. In other words, just get started.

Labels: HP| security

The Vuln Less Common series, Part 1: Mass Assignment Vulnerabilities

In this series, we'll seek to go beyond the well-known and dive into some of the less common, but still significant, vulnerabilities that are often overlooked.

Tags: fod| Fortify
Labels: HP| security

5 Reasons Jailbreaking Your Phone is a Bad Idea

As you may already know, the Evasi0n7 jailbreak for iOS7 was released during the holidays, and many scrambled to get it installed as soon as possible.


What many don’t know is how utterly bad jailbreaking is for your device. Let us count the ways…

Certificate Pinning for Mobile Applications


Here at Fortify on Demand, one of the most common surprises for customers when they see their results from one of our Mobile Application Assessments is that we were able to view and modify all traffic passing between their mobile device and their mobile backend—commonly called a Man in the Middle (MiTM) attack.


Certificate Pinning is a solution that many implement to counter this, but there is a general lack of understanding around the technique. Many think (incorrectly) that it's a silver bullet against traffic interception and aren't aware of the potential downsides.


This article will give an overview of mobile certificate pinning and will cover basics, misconceptions, implementation, gotchas, and generally get you up to speed on the topic.

Mobile Security: Threat Modeling Apple's TouchID



There are three main ways that mobile devices are attacked. With TouchID, Apple is trying to increase mobile device security and protect your device from attacks. 


But is it really effective? Keep reading to hear my thoughts on this technology and what it means for InfoSec.  


Tags: 5s| apple| iphone| TouchID

Announcing HP ArcSight Application View: protect your applications

With the evolution of threats targeting applications as the weakest link in the security ecosystem, it’s becoming more and more difficult to keep your information safeguarded. See how HP ArcSight Application View can help.

Changes in OWASP Top 10 reflect increasing complexity of security

One of the biggest complaints I hear from security guys is that they don’t have an objectionable/non-subjective way to measure security…


Continue reading to find out how the top 10 vulnerabilities OWASP characterizes have changed over the past decade.

2 Reasons iOS is More Secure Than Android



When I tell people I test the security of mobile applications one of the most common questions people ask is, "Which platform is more secure: Android or iOS?"


There are many ways to answer this, but each of them has its issues. You can look at malware stats, you can look at market share, you can look at lists of vulnerabilities. But at some point you're comparing apples and...well, not apples.


There are always other factors, one of which is the user base. Are people buying the cheapest phones available making the same security choices as those buying the more expensive and popular options? And if not, then aren't we dealing with poor security choices instead of an insecure platform?


Two Points


This all being true, there are two reasons iOS will continue to be the more secure platform going forward. Not only will it be more secure, but its position as security lead will actually grow.

Labels: Android| iOS| mobile| security
HP Software Solutions Blog