Q3 2012 Update from Software Security Research

HP Software Security Research is pleased to announce the immediate availability of updates to HP WebInspect SecureBase (available via SmartUpdate), the HP Fortify Secure Coding Rulepacks (English language, version 2012.3.0.0008), and HP Fortify Runtime Rulepack Kits (version 2012.3.0.20). 

 

HP WebInspect SecureBase (WebInspect)

SecureBase combines checks for thousands of vulnerabilities with policies that guide users in identifying critical flaws in web applications under test. In summary, our latest release includes the following updates:

  • Session Management (OWASP Top Ten A3)
  • HTML5, XML HTTP Request (XHR)*, NoSQL CouchDB and MongoDB* enhancements
  • Cross-Site Scripting (XSS) filter bypass
  • Integrated Secure Sockets Layer (SSL) Testing* (OWASP Top Ten A9)
  • Mobile Attack Surface Enumeration*
  • Seven Pernicious Kingdoms Support*

HP Fortify Secure Coding Rulepacks (SCA)

As of this release, the Fortify Secure Coding Rulepacks detect 532 unique categories of vulnerabilities across 21 programming languages and over 710,000 individual APIs.  In summary, our latest update includes the following features:

  • Java 7
  • Microsoft ASP.NET MVC
  • DISA STIG 3.4

HP Fortify Runtime Rulepack Kits (RTA and SecurityScope)

As of this release, the HP Fortify Runtime Rulepack Kits detect 40 unique categories with RTA, 22 unique categories with AppSM, 13 unique categories with SecurityScope, and 10 unique categories for Dynamic Taint Analysis. In summary, the release covers:

 

RTA and AppSM Rulepack Kit

  • 4 New Categories

SecurityScope Rulepack Kit

  • CAPTCHA Framework Bypass
  • User Account Protections

Premium Content

SSR continues to extend and build upon security artifacts outside HP WebInspect SecureBase, the Fortify Secure Coding Rulepacks, and Fortify Runtime Rulepack kits.

  • DISA STIG 3.4 Report^

As always, we hope that you have found our products helpful and we welcome any feedback you have. 

 

* Requires HP WebInspect 9.3 (upcoming) or later
^ Requires HP SSC 3.60 (upcoming) or later

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
About the Author


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation