Fortify Software

Application Security Basics

White Papers

The Case for Business Software Assurance
With data security concerns focused largely on network firewalls and other devices that blockade the perimeter, hackers have begun to exploit the vulnerabilities that lie within the application code itself. The adoption of SOA, AJAX and other Web 2.0 technologies, as well as the practice of leveraging third-party and open source software, has compounded the risk. Understand the threats that business enterprises face today and, more importantly, discover how to ensure the security of your online applications. Download The Case for BSA
Ten Questions You'd Better Ask Yourself to Be Sure Your Company's Assets Are Secure
What can you do to be certain your company’s software and assets are secure? Start by asking these ten questions. Download White Paper
Security Flaws in Your Enterprise Business Applications: The Hidden Threat to Business as Usual
As business has shifted from face-to-face interactions to anonymous electronic transactions, the impact of hackers and malicious insiders has risen to epic proportions, enabled by application security vulnerabilities in the software that companies depend on. What has been the response to date, and how do you drive solutions to the software security time bomb? Download White Paper
Quality and Security in Software: Cumulative versus Absolute
It's common for people to think of software quality and software security as similar or even one and the same. This paper takes a closer look at how the two are very different. Download White Paper
Metrics That Matter: Quantifying Software Security Risk
Software security presents new measurement challenges: there are no established formulas or procedures for quantifying the security risk present in an application. This paper provides a set of metrics for ensuring an accurate and comprehensive view of software projects ranging from legacy systems to newly deployed Web applications. Download White Paper
Static Analysis for Security
Together with architectural risk analysis, code review for security ranks very high on the list of software security best practices. Find out how to automate source code security analysis with static analysis tools. This article was published in IEEE Security & Privacy. Download White Paper

Webcasts & Videos

What You Need To Know To Protect Your Web Applications: A New Look At Application Firewalls
Watch Webcast
The Top 10 Software Security Vulnerabilities
Matt Rose, Senior Software Security Consultant at Fortify Software, shares his findings from a year of analyzing millions of lines of code. He unveils his top ten most common vulnerabilities and provides detailed examples of each. These technical examples come from his experience working with Fortune 500 companies, government agencies, and major ISVs. Watch Webcast
Security Bites Podcast: Black Hat preview
CNET’s Robert Vamosi talks with Fortify’s Brian Chess, founder and chief scientist, and Jacob West, manager of the security research group. At this year’s Black Hat conference, they’ll be hosting an event called “Iron Chef Black Hat.”

Podcasts

Application Security Over-Confidence: Facts & Myths Revealed for Banking Institutions
Application security is a key focus of regulatory agencies. In a recent survey of the banking industry conducted by Information Security Media Group, respondents say they are more confident in their own applications than in those developed by third-party service providers, yet they don't demonstrate the vulnerability assessment or remediation processes that would justify any level of confidence. In this exclusive interview, Roger Thornton, founder and CTO of Fortify Software, comments on the survey results and offers his own market perspective.

Whether your development is in India or Indiana, you must systematically address security early in the development cycle and verify what you are deploying is hardened against attack.

Marcus Ranum, Senior Scientist, TruSecure, Fortify Technical Advisor