Security Research
Showing results for 
Search instead for 
Do you mean 

Q4 2012 Update from Software Security Research

joe_sechman ‎11-30-2012 04:30 PM - edited ‎11-30-2012 04:34 PM

HP Software Security Research is pleased to announce the immediate availability of updates to HP WebInspect SecureBase (available via SmartUpdate), the HP Fortify Secure Coding Rulepacks (English language, version 2012.4.0.0006), and HP Fortify Runtime Rulepack Kits (version 2012.4.0.40).


HP WebInspect SecureBase (WebInspect)

SecureBase combines checks for thousands of vulnerabilities with policies that guide users in identifying critical weaknesses in web applications under test. In summary, our latest release includes the following updates:


Session Management

Capabilities to detect insecure domain access policies for session cookies and predictable session identifiers are now available as enhanced features.


NoSQL and Server-Side JavaScript

Expanded capabilities have been added to detect poor input validation routines that affect applications powered by emerging technologies such as MongoDB and Node.js.


Enhanced Injection Attacks

Additional techniques, such as expression language injection and HTTP parameter pollution, have been added to an already robust collection of injection attacks.


Compliance Templates

Support for the latest version of the Defense Information Systems Agency (DISA) Application Security and Development STIG, 3.4.


Enhanced Vulnerability Descriptions

Improved visualizations have been added for common input injection attacks to convey exploitation concepts and affected application components more clearly. 


HP Fortify Secure Coding Rulepacks (SCA)

As of this release, theFortify Secure Coding Rulepacks detect 549 unique categories of vulnerabilities across 21 programming languages and over 715,000 individual APIs.  In summary, our latest update includes the following features:


Microsoft .NET Entity Framework

Expanded ADO.NET coverage now supports the .NET Entity Framework (EF). New rules cover model-first and schema-first use of the framework.


Apache Hadoop

Initial support for applications utilizing the Apache Hadoop framework covers 10 categories (two unique to Hadoop), spanning all major packages of Hadoop Common.


Google Android Enhancements

Enhancements to Android this quarter include accuracy improvements to existing rules related to the correct use of permissions, recognition of JavaScript taint sources, and 10 new categories.


PHP Zend Framework 1.x

Initial support for version 1.x of the Zend PHP framework covers 14 modules, 21 existing categories and one new category.


PHP DOMXPath and Standard Library Enhancements

Support for ADODb, SPL (Standard PHP Library), PHP DOM, PHP SimpleXML, PHP XML Parser, PHP DOMXPath, and Zorba XQuery libraries.


2011 CWE/SANS Top 25

Support for the (current) 2011 CWE/SANS Top 25 Most Dangerous Software Errors.


HP Fortify Runtime Rulepack Kits

As of this release, the HP Fortify Runtime Rulepack Kits detect 42 unique categories with RTA, 22 unique categories with AppSM, 13 unique categories for SecurityScope, and 10 unique categories for Runtime Taint. In summary, this update includes the following:


RTA and AppSM Rulepack Kit

Enhanced support in existing categories, such as Session Fixation, and two additional categories: Hidden Field Manipulation and Leftover Debug Code.


SecurityScope Rulepack Kit

Identifies improper logging practices and enhances detection of core categories, such as SQL Injection and Cross-Site Scripting. Support for Java 7, IIS7, and .NET REST attack surface enumeration has also been added.


Premium Content

SSR continues to extend and build upon security artifacts outside HP WebInspect SecureBase, the Fortify Secure Coding Rulepacks, and Fortify Runtime Rulepack kits.


  • 2011 CWE/SANS Top 25 Report
  • LATAM Hardcoded Password Rulepack
  • ABAP Template for Custom Rules Editor

As always, we hope that you have found our products helpful and we welcome any feedback you may have.

0 Kudos
About the Author


27 Feb - 2 March 2017
Barcelona | Fira Gran Via
Mobile World Congress 2017
Hewlett Packard Enterprise at Mobile World Congress 2017, Barcelona | Fira Gran Via Location: Hall 3, Booth 3E11
Read more
Each Month in 2017
Software Expert Days - 2017
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all