HP Launches Application Security Solutions to Help Customers Prevent Web Attacks

PALO ALTO, Calif., HP today announced major new releases of its application security software designed to help companies lower costs and protect against malicious web attacks by hackers.

The new offerings are part of HP Application Security Center, a suite of software and services that helps companies ensure the security of their web applications by helping them discover, fix and prevent vulnerabilities that can be exploited by hackers. This video demonstrates one potential vulnerability.

New offerings include:

* HP Assessment Management Platform 8.0 – helps customers reduce costs and mitigate application risk across the enterprise through a distributed, scalable web application security testing platform.
* HP WebInspect 8.0 – helps customers thoroughly analyze complex web applications. This new release delivers fast, accurate security testing and remediation capabilities for web applications, including those built on emerging Web 2.0 technologies.
* HP Software-as-a-Service (SaaS) Project Services for Application Security Center – help customers rapidly and cost-effectively implement their application security initiatives with a complete solution maintained and managed by HP.

“The cost of application security breaches, especially those that result in data being compromised, can be substantial,” said Chenxi Wang, principal analyst, Security and Risk Management, Forrester Research, Inc. “Forrester estimates that cost per record for a security breach is approximately $305 for companies in a highly regulated industry. This cost can be prohibitively high for companies that handle hundreds of thousands or millions of data records.”

With the new offerings from HP, IT executives can prioritize security issues by identifying the assets and data that matter most to their business. This approach allows organizations to focus their limited security resources on issues that have the greatest business impact. For example, organizations can prioritize security efforts for applications associated with credit card transactions and bring them into compliance with security guidelines from the Payment Card Industry (PCI).

“To ensure that our web applications are secure, we have incorporated security testing into every facet of our quality assurance and web application development life cycle,” said Erika Pecciotto, executive director of enterprise technology and quality, Sony Pictures Entertainment. “With HP Application Security Center, which is integrated with HP’s quality and performance testing solutions, our team of highly skilled security experts is now able to increase our security capabilities across our 25 development groups.”

Center of Excellence model improves security coverage, cuts costs

HP Assessment Management Platform 8.0 software helps customers set up a Center of Excellence (CoE) for application security. In a CoE model, a small team of security experts helps analyze the results of security tests that are implemented by people that may not have security expertise.

By using this model to test applications for security vulnerabilities within existing development, quality assurance and operations processes, organizations can increase security coverage across the enterprise at minimal cost. In addition, this model helps organizations find and fix security vulnerabilities earlier in the application design process which helps lower costs.

HP Assessment Management Platform 8.0 software helps customers:

* Prioritize security issues based on the needs of the business, thereby focusing limited resources in areas that are needed the most.
* Secure more applications with a small team of specialized application security experts by using a CoE model. This is enabled with new reporting capabilities and a new feature that lets users see how a remote scan is proceeding.

HP WebInspect 8.0 and HP Assessment Management Platform 8.0 software, which are based on the same testing and reporting code, help customers:

* Find and fix security vulnerabilities in Web 2.0 applications with new static analysis capabilities for applications built on the Adobe® Flash platform and path tracing for dynamic JavaScript/Ajax applications.
* Automate scans that previously could only be completed manually with support for Java™ Model View Control applications and new depth-first crawling capabilities that can find more security vulnerabilities.
* Save time with automation features for faster assessment setup and out-of-the-box reporting features.

The new HP SaaS for Application Security Center Project Services provide full scanning and penetration testing services that are designed to:

* Supplement customer security teams during critical projects or peak testing periods.
* Provide expertise around the scanning requirements of Web 2.0 technologies.
* Provide guidance on how to build out an effective compliance-driven web application security scanning practice across the entire enterprise.

HP Software Professional Services provides a full line of education, consulting and packaged services to help customers quickly adopt an effective application security program. These services help customers rapidly deploy HP WebInspect software and develop an Application Security Center of Excellence.

In addition, services provided by EDS, an HP company, help customers secure applications to reduce the risk of vulnerabilities. Additionally, Testing and Quality Assurance Services from EDS provide code scanning and application security testing from a global network of testing centers to ensure applications meet business expectations for security.

“HP Application Security Center helps IT organizations manage the growing risk of security breaches that take place through web applications,” said Jonathan Rende, vice president and general manager, Business Technology Optimization Applications, Software and Solutions, HP. “Today’s application modernization efforts are creating a better end-user experience but it may also produce websites that are more vulnerable to hackers.”

Availability

HP WebInspect 8.0 and HP Assessment Management Platform 8.0 are available now as licensed software products. HP Assessment Management Platform is expected to be available through HP SaaS in May.

HP WebInspect 8.0 and HP Assessment Management Platform 8.0 will be demonstrated at the RSA 2009 Conference in San Francisco, April 20-24, booth 246. They will also be featured at HP Software Universe 2009 in Las Vegas, June 16-18.

More information on the product launch is available at www.hp.com/go/stophackers.

About HP
HP, the world’s largest technology company, simplifies the technology experience for consumers and businesses with a portfolio that spans printing, personal computing, software, services and IT infrastructure. More information about HP (NYSE: HPQ) is available at http://www.hp.com.