HPE Fortify and the Internet of Things

Late in 2013, there was a lot of talk about the Internet of Things, and a bit about IoT security, but nothing that focused on the complete security picture, so a couple of guys on the Fortify on Demand team decided to start the OWASP Internet of Things Top 10 Project, which aims to educate on the main facets of Internet of Things Security that people should be concerned with.

Then in 2014, that project was used as a baseline for testing the top 10 IoT devices in use and the 2014 Internet of Things Research Study. Next, the team tested top home security systems and most recently, smartwatches. All tests leverage HPE Fortify on Demand using standard testing techniques that combine manual testing along with the use of automated tools. Devices and their cloud, network, and client application components are also assessed based on the OWASP Internet of Things Top 10 list and the specific vulnerabilities associated within each category.

Just Released


Internet of Things Security Study: Smartwatches

    Get the Report    


Additional Reports


Internet of Things State of the Union Internet of Things Research Study: Home Security Systems

The initial report analyzing IoT devices from manufacturers of TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales, and garage door openers.

    Get the Report    


A study of 10 connected home security systems with a myriad of features including door/window sensors, motion detectors, video cameras and recording mechanisms – all connected via the cloud to a mobile device or the web.

    Get the Report    




Securing the Internet of Things

Find weak links in connected devices using HPE Fortify on Demand

Let Fortify on Demand help you build security into your smart devices and patch up all the loopholes before release.

  • Comprehensive security testing across device, network, Web app, mobile app, and cloud
  • Time to market—without risking security
  • Fully managed service—no security experts to hire, train, and retain—and it need not be done in-house

    Get the Solution Brief    


Project Leads

Craig Smith, Senior Security Researcher

Daniel Miessler, Practice Principle