HP Helps Businesses Defend Against Malicious Web Attacks with New Application Security Offerings

Business Wire, May 27, 2008

PALO ALTO, Calif. -- HP (NYSE:HPQ) today announced major updates to its application security software as well as a new software-as-a-service offering to help businesses minimize the risk of security breaches due to hacker attacks and safeguard against theft of sensitive customer information.

The new release of HP Application Security Center helps organizations discover, fix and prevent security vulnerabilities in their web applications. New features in the software help bridge the gaps that exist among development, quality assurance, operations and security teams within an IT organization.

This lifecycle approach helps companies comply with government and industry regulations, such as the Federal Information Security Management Act, the Health Insurance Portability and Accountability Act, the Payment Card Industry Data Security Standard, and the European Union Directive on Privacy and Electronic Communications.

"While customer-facing applications may be the lifeblood of a business, if they are not secured, they can provide an open door for hackers to a company's most sensitive data," said Joseph Feiman, vice president and Gartner fellow, Gartner. "Organizations must not only find security vulnerabilities in their applications, they must fix them and be vigilant about prevention throughout the application lifecycle, from requirements definition, development and testing, through production."

In a recent survey of 1,000 IT professionals worldwide, 80 percent said that responsibility for application security falls to their security or operations teams, while less than 27 percent said that their development or quality assurance teams share the responsibility.(1)

"Technology underpins our entire business, and our IT organization strives to deliver predictable outcomes," said Christopher Rence, chief information officer and vice president, Fair Isaac Corporation. "One of the solutions we rely upon to do this is HP Application Security Center, which provides a comprehensive capability for testing, remediation and prevention throughout our development lifecycle."

According to the Web Application Security Consortium, an international group of application security experts and industry practitioners, more than 40 percent of web hacking incidents are aimed at stealing personal information. Such "personal records" are easily traded on the Internet, which makes them the easiest virtual commodity to exchange for money.(2)

Customer adoption

Since the acquisition of SPI Dynamics in 2007, HP has increased its investment in research, product enhancements and new services in the application security area, boosting customer adoption. As a result, five of the top six banks, three of the top four food market companies, four of the top six insurance companies, and five of the top seven public companies in the world, as ranked by the Forbes Global 2000(3) use HP Application Security Center to protect their web applications from security threats.

"As a mobile data services provider, our clients require applications that are ready when needed, highly available and secure," said Jes Beirholm, director of information security at Denmark-based End2End VAS ApS. "HP Application Security Center helps us stay ahead of potential security issues so we can provide our customers thoroughly tested services and applications. It also helps us deliver on time by reducing our security testing time from a week to one hour."

New research helps businesses stay ahead of hacker threats

To help organizations stay ahead of the ever-changing security threats hackers invent every day, the HP Web Security Research Group, which includes many renowned experts in the security field, has added and updated checks in HP Application Security Center for rich Internet applications, including critical vulnerabilities in Apache and MySpace plug-ins.

The new security checks are automatically updated for existing customers within 24 hours. In addition, the group researched new security issues for Web 2.0 technologies, including Asynchronous JavaScript and XML (AJAX), Adobe[R] Flash and Microsoft[R] Silverlight.

Major product updates boost lifecycle approach to application security

HP Application Security Center includes HP Assessment Management Platform as the foundation of the solution, with HP DevInspect for developers, HP QAInspect for quality assurance teams and HP WebInspect for operations and security experts. This allows customers to successfully find, fix and prevent security vulnerabilities. Enhancements to HP Application Security Center increase efficiency for these teams and help them integrate these security practices into their existing application lifecycle processes.

* HP DevInspect provides improved hybrid analysis that combines static and dynamic analysis to help find the true vulnerabilities. Remediation efforts can then be focused on the highest risk security defects. It provides a clear path for developers to build secure code within their integrated development environments. Support is available for Microsoft Visual Studio 2008, Visual Studio 2005 and Eclipse.