HP launches free service to secure mobile, Web apps

Cloud-based service is limited while Fortify On Demand is paid service for full checkup

HP says it now has a free service called "Fortify My App" that lets anyone building mobile or Web applications upload code to the Fortify software-as-a-service and get a limited analysis about whether the code has specific vulnerabilities or design flaws.

The free service is still considered to be in beta, according to Mike Armistad, vice president and general manager of enterprise security products at Fortify, a division of HP. But the idea is that anyone can visit the "Fortify My App" site to receive a free report within 24 hours about their client/server Web application or mobile app, whether it be for iPhone, Google Android, Windows Mobile, or BlackBerry.

[RELATED: Malware-detecting "sandboxing" technology no silver bullet]

[NEWS: IRS uncorks Dirty Dozen Tax Scams for 2013]

MIke Armistead

Mike Armistead

The service focuses on a limited number of specific vulnerabilities, such as cross-site scripting, Armistad says. It's a way to introduce potential customers to the paid software-as-a-service "Fortify On Demand", which comprehensively checks code for vulnerabilities.

Armistad says mobile apps can have the same kind of vulnerabilities that other applications do. But what is frequently seen in mobile apps are security deficiencies such as "they're storing credentials in memory" or "passing credentials in cleartext," he pointed out. Another problem in mobile apps is they have "information-leaking vulnerabilities" in which data is exposed when it shouldn't be.

The free service FortifyMyApp is available here.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com.

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies