HP Offers Application Development Security Solution
Hewlett-Packard announced a security service to help companies
reduce vulnerabilities at the onset of the application development
lifecycle, Comprehensive Applications Threat Analysis. The solution, an
early life cycle security assessment service that addresses latent
defects in applications and architecture, is available worldwide and
provides architectural as well as design guidance alongside
recommendations for security controls and best
The service includes the Security Requirements Gap Analysis, which
provides clients with access to security expertise and the tools to fix
and avoid security issues. This capability examines applications to
identify technical security requirements imposed by relevant laws,
regulations or practices. The solution also includes the Architectural
Threat Analysis, which is aimed at reducing client rework costs
resulting from security scans, penetration tests and other
vulnerability-finding activities. This capability identifies changes in
application architecture to reduce the risk of latent security defects.
HP said after implementing the analysis tools, companies can then
implement recommendations from the assessment's findings report to
reduce costs associated with vulnerability rework and potential defects
while minimizing the need for post-release updates to address security
flaws. In addition to the Comprehensive Applications Threat Analysis
service, HP offers the Quality Center for security requirements, Application Security Center for Web application
vulnerability testing and Application Security Center of Excellence
(CoE) Services to help businesses develop an application security
"Customers are under increasing pressure from threats that exploit security weaknesses that were either missed or insufficiently addressed during early lifecycle phases," said Chris Whitener, chief security strategist for Secure Advantage at HP. "The Comprehensive Applications Threat Analysis service helps organizations reduce hidden weaknesses early in the assessment process and provides recommended mitigation strategies and secure design principles."
As part of the HP Secure Advantage portfolio, the service is aimed at helping organizations better address security and regulatory needs. It also is designed to defend against attacks while reducing the total cost of application ownership. The service is a part of the HP Cyber Security portfolio, which helps organizations leverage advances in technology and share information securely while protecting
sensitive information and critical infrastructure.
"HP efficiently provided the Comprehensive Applications Threat Analysis service and reliable security advice. During the security assessment, the HP team identified risks and proposed solutions to mitigate current and future vulnerabilities," said Wallace B. Rodgers, program manager of E-Government for the state of Oregon. "We implemented the HP-proposed solutions and are extremely pleased with the security quality assessment as well as recommendations."