Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organizations secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit www.hp.com/go/fortify

Understanding Cross-Frame Scripting

There’s a lot of confusion around Cross-frame Scripting.

I’ve seen a number of online resources that describe it as just another type of Cross-site scripting, which only makes sense if you also misunderstand Cross-site scripting.

A significant part of the misunderstanding comes from authoritative sources being unclear at best—if not outright incorrect—in how they explain the issue…

Tags: webappsec| XSRF| XSS

The Secure Web Series, Part 3: Protecting Against Cross-site Request Forgery (CSRF)

In Part 3 of the Secure Web Series, we'll be talking about Cross-site Request Forgery (CSRF). CSRF is a wicked vulnerability that allows attackers to force victims to perform actions without their knowledge.

We'll be talking about what CSRF is, how to look for CSRF within your own applications, and how to defend against it.

When To Choose Static vs. Dynamic Testing for a Website

Here at Fortify on Demand we often get asked whether it's best to perform an ad hoc website assessment using static or dynamic testing.

Happily, we have the option to recommend either or both with our suite of solutions, but separate from products, it's worth looking at what sort of criteria would go into making such a decision.

An Introduction to the OWASP ASVS

The Open Web Application Security Project (OWASP) is well known for its Top 10 list, and perhaps for its testing methodology as well, but comparatively few people are aware of its Application Security Verification Standard (ASVS) Project.

The ASVS, as the name alludes to, is a standard for verifying the security of applications as opposed to a methodology for testing them. This is not a distinction without a difference, but rather a key piece missing from many appsec efforts...

Tags: owasp
Labels: OWASP| webappsec