Software helps businesses defend against Web attacks.
August 19, 2008 -
By bridging gaps among development, quality assurance, operations, and security teams within IT organization, HP Application Security Center helps discover, fix, and prevent security vulnerabilities in Web applications. Security checks are automatically updated, and lifecycle approach helps companies comply with government and industry regulations. Solution also addresses security issues for Web 2.0 technologies, including AJAX, Adobe® Flash, and Microsoft® Silverlight.
(Archive News Story - Products mentioned in this Archive News Story may or may not be available from the manufacturer.)
|Original Press release |
Hewlett-Packard Co. (Corporate Headquarters)
3000 Hanover St.
Palo Alto, CA, 94304-1185
HP Helps Businesses Defend Against Malicious Web Attacks with New Application Security Offerings
HP today announced major updates to its application security software as well as a new software-as-a-service offering to help businesses minimize the risk of security breaches due to hacker attacks and safeguard against theft of sensitive customer information.
The new release of HP Application Security Center helps organizations discover, fix and prevent security vulnerabilities in their web applications. New features in the software help bridge the gaps that exist among development, quality assurance, operations and security teams within an IT organization.
This lifecycle approach helps companies comply with government and industry regulations, such as the Federal Information Security Management Act, the Health Insurance Portability and Accountability Act, the Payment Card Industry Data Security Standard, and the European Union Directive on Privacy and Electronic Communications.
"While customer-facing applications may be the lifeblood of a business, if they are not secured, they can provide an open door for hackers to a company's most sensitive data," said Joseph Feiman, vice president and Gartner fellow, Gartner. "Organizations must not only find security vulnerabilities in their applications, they must fix them and be vigilant about prevention throughout the application lifecycle, from requirements definition, development and testing, through production."
In a recent survey of 1,000 IT professionals worldwide, 80 percent said that responsibility for application security falls to their security or operations teams, while less than 27 percent said that their development or quality assurance teams share the responsibility.(1)
"Technology underpins our entire business, and our IT organization strives to deliver predictable outcomes," said Christopher Rence, chief information officer and vice president, Fair Isaac Corporation. "One of the solutions we rely upon to do this is HP Application Security Center, which provides a comprehensive capability for testing, remediation and prevention throughout our development lifecycle."
According to the Web Application Security Consortium, an international group of application security experts and industry practitioners, more than 40 percent of web hacking incidents are aimed at stealing personal information. Such "personal records" are easily traded on the Internet, which makes them the easiest virtual commodity to exchange for money.(2)
Since the acquisition of SPI Dynamics in 2007, HP has increased its investment in research, product enhancements and new services in the application security area, boosting customer adoption. As a result, five of the top six banks, three of the top four food market companies, four of the top six insurance companies, and five of the top seven public companies in the world, as ranked by the Forbes Global 2000(3) use HP Application Security Center to protect their web applications from security threats.
"As a mobile data services provider, our clients require applications that are ready when needed, highly available and secure," said Jes Beirholm, director of information security at Denmark-based End2End VAS ApS. "HP Application Security Center helps us stay ahead of potential security issues so we can provide our customers thoroughly tested services and applications. It also helps us deliver on time by reducing our security testing time from a week to one hour."
New research helps businesses stay ahead of hacker threats
To help organizations stay ahead of the ever-changing security threats hackers invent every day, the HP Web Security Research Group, which includes many renowned experts in the security field, has added and updated checks in HP Application Security Center for rich Internet applications, including critical vulnerabilities in Apache and MySpace plug-ins.
Major product updates boost lifecycle approach to application security
HP Application Security Center includes HP Assessment Management Platform as the foundation of the solution, with HP DevInspect for developers, HP QAInspect for quality assurance teams and HP WebInspect for operations and security experts. This allows customers to successfully find, fix and prevent security vulnerabilities. Enhancements to HP Application Security Center increase efficiency for these teams and help them integrate these security practices into their existing application lifecycle processes.
o HP DevInspect provides improved hybrid analysis that combines static and dynamic analysis to help find the true vulnerabilities. Remediation efforts can then be focused on the highest risk security defects. It provides a clear path for developers to build secure code within their integrated development environments. Support is available for Microsoft Visual Studio 2008, Visual Studio 2005 and Eclipse.
o HP QAInspect includes the first advanced security defect management capability integrated with market-leading HP Quality Center software. With defect staging and consolidation capabilities, application teams can filter, prioritize and assign defects based on risk to the business. This makes security defect information available to the whole application lifecycle team, including development, quality assurance, operations and security. Security problems are then detected and fixed more rapidly.
o HP WebInspect has been enhanced with faster runtimes and improved scanning accuracy for the security vulnerabilities that hackers most frequently exploit. These include cross-site scripting and SQL injection. This helps IT operations and security teams more efficiently find and fix the security defects that matter.
New software as a service offering
HP Assessment Management Platform, the foundation of HP Application Security Center, will be offered through HP Software-as-a-Service (SaaS). Customers can quickly and cost-effectively centralize all of their web application security assessment programs into a complete solution maintained and managed by HP SaaS.
"Hacker attacks are a critical concern for IT organizations of all sizes. Now customers can get up and running quickly and involve the right teams to minimize this risk," said Jonathan Rende, vice president of products, Software, HP. "HP is helping customers address their biggest application security challenges with new software-as-a-service offerings, product enhancements and research breakthroughs from our security experts."
HP also provides turnkey web application security assessment and penetration testing services performed by application security experts. These services use the HP SaaS offering to accelerate the assessment of an application's vulnerabilities and help customers reduce and manage risks associated with web applications that affect their business.
Enhancements to HP Application Security Center are available today. The new services are planned to be available in August.
HP Application Security Center is part of the HP Secure Advantage portfolio, which helps organizations improve protection of data and resources while validating regulatory compliance across their entire infrastructure.
To learn more, download a whitepaper on preventing malicious web attacks at www.hp.com/go/stophackers.
HP focuses on simplifying technology experiences for all of its customers - from individual consumers to the largest businesses. With a portfolio that spans printing, personal computing, software, services and IT infrastructure, HP is among the world's largest IT companies, with revenue totaling $110.4 billion for the four fiscal quarters ended April 30, 2008. More information about HP (NYSE: HPQ) is available at http://www.hp.com.
(1) Vanson Bourne, Survey, May 2008.
(2) Web Application Security Consortium, "The Web Hacking Incidents Database 2007 Annual Report," February 2008.
(3) Forbes, "The Global 2000," April 2008.
Adobe is a trademark of Adobe Systems Inc. Microsoft is a U.S. registered trademark of Microsoft Corp.
© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.