Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organizations secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit

Application Security Testing – A journey from XSS to System Shell


Is it possible to go from a Cross-Site Scripting (XSS) flaw to obtain a system shell? During a web application security test earlier this year, I noticed an XSS flaw that allowed me to do just that. So how do we go from XSS to server access? Read on to find out!



Understanding Cross-Frame Scripting

There’s a lot of confusion around Cross-frame Scripting.


I’ve seen a number of online resources that describe it as just another type of Cross-site scripting, which only makes sense if you also misunderstand Cross-site scripting.


A significant part of the misunderstanding comes from authoritative sources being unclear at best—if not outright incorrect—in how they explain the issue…

Tags: webappsec| XSRF| XSS
Labels: webappsec| xsrf| XSS
About the Author(s)
HP Blog

HP Software Solutions Blog


The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.