HP Helps Businesses Defend Against Malicious Web Attacks with New Application Security Offerings

26/05/2008

HP Helps Businesses Defend Against Malicious Web Attacks with New Application Security Offerings

HP today announced major updates to its application security software as well as a new software-as-a-service offering to help businesses minimize the risk of security breaches due to hacker attacks and safeguard against theft of sensitive customer information.

The new release of HP Application Security Center helps organizations discover, fix and prevent security vulnerabilities in their web applications. New features in the software help bridge the gaps that exist among development, quality assurance, operations and security teams within an IT organization.

This lifecycle approach helps companies comply with government and industry regulations, such as the Federal Information Security Management Act, the Health Insurance Portability and Accountability Act, the Payment Card Industry Data Security Standard, and the European Union Directive on Privacy and Electronic Communications.

"While customer-facing applications may be the lifeblood of a business, if they are not secured, they can provide an open door for hackers to a company's most sensitive data," said Joseph Feiman, vice president and Gartner fellow, Gartner. "Organizations must not only find security vulnerabilities in their applications, they must fix them and be vigilant about prevention throughout the application lifecycle, from requirements definition, development and testing, through production."

In a recent survey of 1,000 IT professionals worldwide, 80 percent said that responsibility for application security falls to their security or operations teams, while less than 27 percent said that their development or quality assurance teams share the responsibility.(1)

"Technology underpins our entire business, and our IT organization strives to deliver predictable outcomes," said Christopher Rence, chief information officer and vice president, Fair Isaac Corporation. "One of the solutions we rely upon to do this is HP Application Security Center, which provides a comprehensive capability for testing, remediation and prevention throughout our development lifecycle."

According to the Web Application Security Consortium, an international group of application security experts and industry practitioners, more than 40 percent of web hacking incidents are aimed at stealing personal information. Such "personal records" are easily traded on the Internet, which makes them the easiest virtual commodity to exchange for money.(2)

Customer adoption

Since the acquisition of SPI Dynamics in 2007, HP has increased its investment in research, product enhancements and new services in the application security area, boosting customer adoption. As a result, five of the top six banks, three of the top four food market companies, four of the top six insurance companies, and five of the top seven public companies in the world, as ranked by the Forbes Global 2000(3) use HP Application Security Center to protect their web applications from security threats.

"As a mobile data services provider, our clients require applications that are ready when needed, highly available and secure," said Jes Beirholm, director of information security at Denmark-based End2End VAS ApS. "HP Application Security Center helps us stay ahead of potential security issues so we can provide our customers thoroughly tested services and applications. It also helps us deliver on time by reducing our security testing time from a week to one hour."

New research helps businesses stay ahead of hacker threats

To help organizations stay ahead of the ever-changing security threats hackers invent every day, the HP Web Security Research Group, which includes many renowned experts in the security field, has added and updated checks in HP Application Security Center for rich Internet applications, including critical vulnerabilities in Apache and MySpace plug-ins.

The new security checks are automatically updated for existing customers within 24 hours. In addition, the group researched new security issues for Web 2.0 technologies, including Asynchronous JavaScript and XML (AJAX), Adobe® Flash and Microsoft® Silverlight.

Major product updates boost lifecycle approach to application security

HP Application Security Center includes HP Assessment Management Platform as the foundation of the solution, with HP DevInspect for developers, HP QAInspect for quality assurance teams and HP WebInspect for operations and security experts. This allows customers to successfully find, fix and prevent security vulnerabilities. Enhancements to HP Application Security Center increase efficiency for these teams and help them integrate these security practices into their existing application lifecycle processes.

  • HP DevInspect provides improved hybrid analysis that combines static and dynamic analysis to help find the true vulnerabilities. Remediation efforts can then be focused on the highest risk security defects. It provides a clear path for developers to build secure code within their integrated development environments. Support is available for Microsoft Visual Studio 2008, Visual Studio 2005 and Eclipse.
  • HP QAInspect includes the first advanced security defect management capability integrated with market-leading HP Quality Center software. With defect staging and consolidation capabilities, application teams can filter, prioritize and assign defects based on risk to the business. This makes security defect information available to the whole application lifecycle team, including development, quality assurance, operations and security. Security problems are then detected and fixed more rapidly.
  • HP WebInspect has been enhanced with faster runtimes and improved scanning accuracy for the security vulnerabilities that hackers most frequently exploit. These include cross-site scripting and SQL injection. This helps IT operations and security teams more efficiently find and fix the security defects that matter.

New software as a service offering

HP Assessment Management Platform, the foundation of HP Application Security Center, will be offered through HP Software-as-a-Service (SaaS). Customers can quickly and cost-effectively centralize all of their web application security assessment programs into a complete solution maintained and managed by HP SaaS.

"Hacker attacks are a critical concern for IT organizations of all sizes. Now customers can get up and running quickly and involve the right teams to minimize this risk," said Jonathan Rende, vice president of products, Software, HP. "HP is helping customers address their biggest application security challenges with new software-as-a-service offerings, product enhancements and research breakthroughs from our security experts."

HP also provides turnkey web application security assessment and penetration testing services performed by application security experts. These services use the HP SaaS offering to accelerate the assessment of an application's vulnerabilities and help customers reduce and manage risks associated with web applications that affect their business.

Availability

Enhancements to HP Application Security Center are available today. The new services are planned to be available in August.

HP Application Security Center is part of the HP Secure Advantage portfolio, which helps organizations improve protection of data and resources while validating regulatory compliance across their entire infrastructure.

To learn more, download a whitepaper on preventing malicious web attacks at www.hp.com/go/stophackers.