Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


HP Application Security Goes SAAS



 By: Brian Prince
2008-05-27
Article Rating:starstarstarstarstar / 12


There are 1 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
HP has expanded its application security business with a series of upgrades.

Hewlett-Packard is taking a software-as-a-service approach to security in its latest push to help organizations secure their Web applications.

The company has plans to launch a service it calls the HP Assessment Management Platform in August to help customers centralize all of their Web application security analysis programs into a complete solution maintained and managed by HP. The announcement comes on the heels of a major upgrade of the companys Application Security Center, which includes new versions of its application assessment and quality assurance programs available today.

This is HP's first SAAS offering for application security, said Tim Van Ash, director of global service portfolio for HPs software-as-a-service business unit. In the past we partnered with a third party for infrastructure security assessments as part of load-testing offerings. The issue is how to enable a true enterprise approach and scale, and this can't be done by companies today with limited expertise in both the domain and products. Taking a SAAS approach allows the security team to offer these assessment services to the enterprise to the teams who really need them.

Resource Library:

With the upgrade of HP Application Security Center comes updated releases of HP DevInspect, HPQAInspect and HPWebInspect. In HP DevInspect 5.0, the company has added the ability to automatically correlate the results between the static and dynamic testing phases and to use that correlation to help prioritize the results. Previously, the results were presented separately.

HP QAInspect 5.0 integrates security defect management with HP Quality Center software. With defect staging and consolidation capabilities, application teams can filter, prioritize and assign defects based on risk to the business in order to help detect and address problems faster, HP officials said. Version 5.0 of HP WebInspect features faster runtimes and improved scanning accuracy for common security vulnerabilities such as cross-site scripting and SQL injection.

SPI Acquisition Bridges Web Security Gap

The latest security push comes roughly a year after HP acquired SPI Dynamics to bolster its position in application quality management. SPI Dynamics specialized in securing Web applications during the development process. Among the executives who came over after the acquisition is Billy Hoffman, who now heads the Web Security Research Group at HP Labs.

To Hoffman, the latest releases help bridge what he called a Web security gap that can plague enterprises during application development by providing common ground for developers and security pros.

Your average developer, QA guy doesnt really know all the security issues that your security team has, Hoffman said. With the DevInspect and QAInspect products, we kind of shifted the conversation, so were not really talking about security vulnerabilities because at their heart security vulnerabilities are really software defects.

Gartner analyst Joseph Feiman said organizations need to be vigilant throughout the entire application lifecycle - from requirements definition to development, testing and ultimately through production in order to ensure its applications are secure.

While customer-facing applications may be the lifeblood of a business, if they are not secured, they can provide an open door for hackers to a companys most sensitive data, Feiman said in a statement.





  Reader Comments: HP Application Security Goes SaaS
>>> Post your comment now!
eWeek
Hello this is Brian Prince from eWeek. Has the trend of pushing security deeper into the application lifecycle affected app development in your...
Posted At: 05-27-08
By: Brian Prince
>>> Post your comment now!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}ks㶲*Q3CO#d[uƶ|,8*-EBc!)?=~bvKiɏsw-ݍFև$i9crsk|jx֢w6w}!dYf0iTE[ ]Ϥ^Am۟@t 5v: Mz->>;| `OS[SMuɄZIКؖ>}^ql .pvLQCT:i?xi @Ibb(}Ѻ=(Dߵ-sm: \'|w*EnS8ս/De)l{*F8w/[h F~B {.Yu^?=2]pj:N`QFdn KaFrz=׽@M*-6 D=iTV,v2*-&;1ҡk)e z09juj=jfO-{n_w$z0֛z$=+~4ЌaS/! d4Z#K#ϟ~b[>4tqr_սP7nƞ;w=2w -wQKvTCO|lMݟPI uaGGeOuhsX 2n dþJeW+~V*}gQxg9{ۖ3p)sgEÝ|c4)UUew9,GA n$ZIۅ8^u{>~n}kr  + 򃬯%&W ZDTQRi$" Pc@GI^:H5=(G~7B-ݒhZIArIja̳|3-i*H,AH~6/˫NMӃNM,!V4*V^XFHAբsqԽ9j{H _ܹGtHMWh:w -Nկ7ixm5H|?-|`kh`cR^ٕH ?u_.d@OgCRdt(G#itǷPZ,/ dRrJGX*V Qhf5 x[&%e)":u ͪ5Vh/-Mn "d4 mp a6FALtH)=?&b.L2o<|)}̗W.d`(AK/g5 5t*転(If0[A0Ӂ AhӧI1}JMk>m uI8>2胎:m85" 47P}HOQI $Qp{꭫R69H_,}TaRkJY킊J$>6ZЉ\χc˖CB떂:;׻ښB"(QݻCiy1զπCρYzC23t~[>lPsz? q0yzDȣH&BD(jHB !Aly[$p hV(ЋJ9W*l׀Je !3wJRF=7^ +>*-qR% 53TYNjL=?j3!U~G,_E`z9r,T.i 2%UKZ%m2*C{ؕnEQmңF +>gKܷXrHy:unsHly0Ą'Hw\HJza-T5=Y-@Jk̖%C&=-f ˛mKRԛ0M-$kp?82` M l$)f Df)Կ ;7ng./='.ќKQrZҋS-ӿi  |k٪ փܕ#>d .z*H(A10ѿYĞf +KF+UʜWQVY'e)5WMYVc$] V6_2-˧L)ESr6w'Ne;vr+dɪ(V3H^R/MB[+Ҏ r%SsfE[s?񥖲PDlP}/XK+ezчțe2Lz%vd6 \{8`ȢuDjrIj#/o^iz\N٠bez Ѓڠr=N:!8{<=ZjM\?F'hV xZWK=Ckab恈7_M3k²%:0c*tҝōeliS;n/)EKIZQ>mV!P\{/LaCLmRGM}Bu߲IA̫eVdq2VƸH~6=2e]PT,ڠ_#׶ݻ|̠::WHҚ Vȹ(gb!VӐPS@1"^/Nu/U5GaNjܧ^l6B7nB@ŁǨ<)Z6۩P/';$!UנuTDq" ֚0섾 .c"}ϊ6 F:07f/|P" <Ӈ> BK LΧREZC v1v1UEP=) ]7u$vT<)G̟ sWyGY?Op]Hk1Sde`Syt( d.亢#?݀΍lΟЎ]ԇv!nAjY,@ < 0ԴgsZ/V<;Al ֯Lh7H"v/eOu)'Uj l|Z\:{>-.(W`>6F0bʏaj4X[ v%}督/zoΒ&EՌLtPȐhNÓWȡ1tT@q?_;(Tpϛ3GD*@7Z #e4* B|V>6W5ãJA pMǸó? 4rlj9E3 о -(R#uY@!& يaQVI dDfbNg¥ k*w%9*)<w+uP52ֺ.rtf>~e-&sZ#td[#Pgh' ? 7b ڵ q/c~h)ՁGEؾqm\U }=(N f+)uoE5}"QrEuY l&ŏhȇureH!IuO(KeGQutb*kZQ^? +8r=*i6+#4+ǽ!7Ÿ ޜbt yzդ[+Gs;Ÿʊg b|r}q6'G{t(j>cWԄƸE`3K?[Iiy!ڤiH@mXJ7eFV5IiuI+KZ 2aCU4^U&.r/柩fzogWoT~ZUtsUIfT-kZl[Ԫf>"iq?C@! HZW+;(,%~w9ـo |ZUj |2(R|"!C`'dq<:N~|+tSZ1OOXO\^y2a]}^^aa'i? 0+/5.eXšJ/{O`HꜷNVc8 !6g5ށ 2`i8FjxOC>jnWOQDuhôq?t`Bran=p[W' %Y_'gu ߽7'x!:'{,< Y#B[Wȧͦnj L k=d8)1'hdqH13^z0lzi!/{uԾĂ. ^ל$"z\N3$nX,9ބW_a[,$"0!t*t}}El{B*q]D2sY1^SF(+bK)"$DFzRFaʼno/`Ea1:*:{_ۡkᷜo5?Oů1Ok7tA`S(kNz4\1[5.SO:|&ݳBr^&V8:=h1Ie/Gqǻ"Ts (zL,ӤND)gT8іPxi'sfx!uln/q%՝r¥w/BYAO[ kmm̐ S)a"ϔ 5-c{e5)a5R!MLCYOC/$$f;R!I>Yeb}ҀĴ&{67g^%J$gζˤ(ė4 YR#Ak`qXt!}6PגR4\һo%˪\؅^|@3`C=K@!aD=rZTwZeUuw&ԱAktH];[WT@)3^X 2kv5̳,]97_zloIM2CZс?1Qݘ4qzN`rS@ ?{aNo[u߁؅ H.oEr+aGVɵeiP2;S+5L`aE8F$grhSrpr%>iWu ba}%H@R`@GL4b5zǿTfg 95+gNE VwN{},da3no?c[~ ?--8tQCR_#J1$ZQP"*s攤KȔX\N Gƣb@Ɍ7CCҁ&-33{F ޹3}KwK~E"cϺ77 ]ekw}B!uB6Kml܊ȥ9m/r\ 5"nx(ZY8|:kg" h6vgnl#Be0N ئw3ӧ;cgj7X#SOR1\jC|Wyglda}Z+#)ƙx <v4Z.;.߬k](<A~A< v4*)[˷xF}ia=⻆š~@Yk§ ,'iƿ_Wc-ޘU2$;l_c3הOcp௵;U%yc b ڒk0K,BH|pN7LV&Q~q*COƭF+6qhl`bx;#o<:Qg TUa&FO7F{p[>uH/3}UÇsexnYP8~5 hZPr-qB6yY d' wRn1@zdAHx\9T0?* @Aer!|:6'?>i-y,, ̰ASN-K^#Mc@_*n;k3:8k:&#zƞP3vZic}1gIEWAJw<3SǠZ|>Z0pNɜTd+$U%!كHtDW \;Q^R+qāʈƐ<_#K@hɈQ6Q%ݗtI@:u @0,Uhԩ;~wI$,(CdߎW<{WO/KO @*\JRU+׫J޲>$$ jAI@߄|iE |B'Ȼ/̝C&[H}٥}_RwjIˡ8E"P"ĠƖQ5qsO& ).igtՓxLyyyywuwcyVLu%a~+KV-jԂD|UdF|4X~t9DID "aϰ#Ԧj_]{9t%0d 5QyM{1[†?DޡyRw@ߊƁ]Heɑ|Jc#1<ۡDu=+'W]JLYQCIs 1!DIXS:(X5F\蚔b#!>N`j '})l %e1u䡨'< O8|*$Bz= . b֤KBg ]IA-ɮ(>Q챼aic;U55BšSR}A| t1\)lꆇd 9'EgdxʿYx2GZsҞaiqkOz̮ VRdmT4-e.ioWSJ۶uR|EV { 9`|cAٰB`HoHD"U@?u.{H̬mC2D&>anh7jzj3ɬ63+y} 萛z}c[ex|-1n }kdxX5bj'N32hmBT|遲"(OCbw#:l5q Ev `&cJoFc|D+)|D1xlRBoqިX ^ n>׶de]M tB*dKSɥk{zj3Mܴܯ#>pf7eՊtJV{2u`lJqV?d AVB" HCB9qQ 5Ѱ؛4ADyW[k?XJ᡹*ZO)[P IK|rߜzU@P3w[B*hB/n:Z20a3BZSh~Ad62Y3^II-ں}l0N#ۀښű6AxVLW &ѲkkqdEN[}^.JhNLn8n}$!tzlï^Bi&Xu"#UJE:`/>+V)c<8r65#h`PDDS 5ol6/+hέkjk~y_ڋK[_:𨾺oqlЊ|ueۋ?Ȁ{|5=0n9RS&p]}r EcWlckDpqˎ >ćA;A'!GIhT_ zfZt(/ԍ̞ajTnCĽ[?_lDlF/, 3,I?}"YQm LQӬfo!_`㾮3ۃΛ(y+_Z1^1;G(﷢wVNVK:ТCxbu~FLpq-f Q q;{/@=r C)w$=p0ʻU ^|lڋ!Çjj}<#,d^I YêP<800L68ߊM"K "K&5\n^R4o&qn/ = [8l*b6K-'|8+Ҍ>&sjVSv՜|咿<^YJ: znbtƄFKJ9.֤ GgTG o+J(M@~Ũq#qbjģ Rkah;Xy,cRk=X;Xhfwyb+'-楻sx"(͊ND`h*{d 1 3pBK $:"œI;?@tkilM/ ]'3"UX5\h 0.4)nW/ժ𳯕Zgz`NG!VW'r&S+5'm\lfO":&|yMLSxC7+);ڎUޓ?q488y|m@1"6 ?JIԘ8 [C)@vQY kxE"{F ;cZ'C^ /C45,S;9Ĕ#Mم0ѾxuSv1";9'0ᖩe/U1,1)kMQ(Vpx ~1&Q? liMX;^C.B'Q?Cy1"))ĴF#>C; ik6wA;'\26Faŷ^(l8*~vxcFb|>GK$vW@t^R tQ:.. %H)iPhP؟?pm2%\I0|4nn`6s}``yP0л;Lnѧq7Sf :RoLc3ΨntdˡQ(;b:M u߁3ɏE($nwKM r$!%H${=9n)3A߰<#ӿe2}xИ1RWkJ%L U꺂 2l=VJ&<>'A~uEq H@+^@Q;:w}Kfڟc<./Ͼiv>:NϺxQ Zѷptԍs=rؽrܹh_^u.&{_3}ePRz?;pp?cq~N'9?O;i';sIC:9CL"'^d5s3s{sy~a9?<ϡsDg 9CyN>E^\EuݜwAtsOK7G\}\%Կ̩sC?=/g=/g}~_?}}ʡϐ9/9g|sw y@9{ _ wCɵNr!oY7NoR89B ^*UykOy8߅yVU ?^`k9x 挿 {%k?kv.G}иCJWTwxP +:5(Q3Z %CCk p0t>VqF`^U^Elp:iDg>m'[*8 ߚQu8 % {Q&ƀ;'Q?аs|욡jSU ZWz.{4A ́a[C |(U˚VVk[*ja- L`!9tfDdU:.UJ0X^*(d@#غ̏׍|'C7"i\q x+[&.$1=:bl*V@6of!8^6սD<',c(<)d9K q9>œVL&͠nC7a%6SUD-#:!bn頕GcjÌ,!eނxql4VQG[*Xr(9T(ïYF |fzd L$pgB-jӋ>pOe!#KF3#`XC-+(lybb7brց:D%l"~<+f0 ="CPHtg*zl)m&ĤŤA֝D#Z#Xn΄_ð/7O7"VG?69-i5|r[|s~M@-XǶp1o6.ώ{;]9!K+up)/Հ`m|dY3&?e/IT( b`|(pIDj*LL*ul61-dt{x48 AZvu$$}9= zl;aV_sY D֣:4!.p+fVX"mu;dԦF\kυx}pQk V}#m {3E3$0z< @SĠC)deBF{W3f,=G[_5 b fy&b5@ gQVxY|>cs]/:6tX×EHHBO/ChEmC᳸c9"? eOob_,i-Y}쨯mˊM kt[(F+R^ף3 Iw? X)w'lnW|F{lK6`DR}L0N'&}Ju;H"O j3;1TeΝ[aiѶ=Z֕d2-1OĴa \wH v&,t>/uG8C d9d5cdī (}nV]f2KGӊgև|LAz! 9Z`KL<- + `♈uz1M62R8WD )Yb$sLwף69qSg _(,ϖW />om5)+o[t%(%x<[f6m˟~HױQĶ2 mJbA<\2;>Ŗi3x|@ =of8I`y%K@Hz21S`:hw '2t}VB(c 4g (ɟzTqަ7(G,#kȹ()`j[,:q kb=Oy螉|lڔa=r11ngFbcb@xVO=_qxC#>FY :x c)dr̄6 !yyUvҥ V襘F$0m1/y암vlH|+m='HbO1l,oԛŠ'TS*a#o *AV7.]28LDxZ4/쁅"?q_ݭJYldwɵ6:514co̓g{V"N0"G- a=>g~C;%=a r7qmr?0>ƺrX)&|ʢc9z?γ`?U`2-k52lv.2XH! Ŵaw`+vN*$th&жP?縨2a#ٔ M?[,.7v!;Z|yʳ#|_ 兏>ܗ{ >ŗ$ASX?x@t)W3nrWbcr9k/U̅{ї[睳/{ܥ|;hixm?3JdbQx'ξnwNN{+gݫ, mݸÏ'WOGRXF^zI2ݫv]:'ɂ^ֿa*X8Ml\㍿#P1TfPVKF636EOZ\֓]\/ ogg/\Oa6%s|M9VKI+^^.GȌEc6tgMt ){RX[`7m/Z6ZTR*