Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organizations secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit www.hp.com/go/fortify

What You Need to Know About the FREAK SSL Vulnerability

There's a new SSL vulnerability out called FREAK.

Here's what you need to know about it.

  • It's a cipher strength issue, i.e. it makes it easy to break keys in mere hours
  • Successfully breaking those keys means gaining access to the data encrypted in the SSL session
  • It's legacy functionality based on encryption export laws
  • The solution is to patch both the server side (your version of SSL in your webserver) and the client side (if you're using a vulnerable browser)

…continued…

Tags: appsec| FREAK| infosec| SSL

Insight on the SSLv3 POODLE Vulnerability

The SSLv3 POODLE attack has been publicly released. Questions are now being asked about the risks involved with the attack and what the steps are to mitigate it. We will break down the POODLE attack to the basics to help answer these questions.

Thoughts on the Heartbleed Bug

The Heartbleed bug is big. It's bigger than most thought it was when they heard about it, and now that the patching dance has begun, people are finally starting to feel the weight of it.

In this short article, we'll cover some basics (what the bug is, what the risks are to organizations) and we'll offer some analysis and commentary, as well.

About the Author(s)
HP Blog

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.