Protect Your Assets

3 things you can do today to improve the security of your web or mobile application

J_G_Lynn ‎04-03-2014 03:16 AM - edited ‎07-07-2015 12:10 PM

Have you been thinking about taking steps to make sure your company isn't the next security breach headline? All the major software companies agree: it is better to do anything at all than to do nothing. In other words, just get started. Take a look at the latest book on threat modeling by Adam Shostack, Microsoft’s Threat Modeling Expert, whose title for Chapter 1 commands: “Dive Right in and Threat Model.” But you don’t even have to open the book to get ideas on where to start! On the back cover of the book he lists 7 bullet items which summarize the contents. Bullet #1:

  • “Find and fix security issues before they hurt you or your customers.”

So where do you start? Think it will take months to change how your organization develops software? Here are 3 simple things you can do today to get started:


1. Talk to your developers.

Or better yet, take a developer to lunch. Developers are the ones who write the code so why not start there? Whether you have a code assurance program in place or are just now becoming aware of the value of reviewing and testing code, the developers are the ones who can either be your best friend or your worst enemy. (See the blog Don’t Play the AppSec Blame Game: Positive Interactions Between the Security and Development Teams)


2. Start Threat Modeling.

Your organization should set its own standard. This doesn't have to be as hard as it sounds. If you don't want to create one from scratch, you can adopt an existing one. You can find many such models on the web - a few common ones can be found on the OWASP Threat Risk Modeling page.


3. Identify the top critical vulnerabilities in your software.

Often the most critical vulnerabilities are the easiest to find and the simplest to fix. This can be as easy as having a peer review your code. Or you can submit it to HP's Fortify on Demand and have your entire application reviewed for you. HP's new website Pronq allows you to try the software that helps you get stuff done - right here, right now. Just go to , go to the Fortify on Demand tab, and click on the [Try Me] button.


  1. Talk to your developers
  2. Start Threat Modeling
  3. Identify the top vulnerabilities in your web and mobile applications with Fortify on Demand.

Try it for free at 
