Press Release: April 15, 2009
Topics:

HP Launches Application Security Solutions to Help Customers Prevent Web Attacks

PALO ALTO, Calif., April 15, 2009

HP today announced major new releases of its application security software designed to help companies lower costs and protect against malicious web attacks by hackers.

The new offerings are part of HP Application Security Center, a suite of software and services that helps companies ensure the security of their web applications by helping them discover, fix and prevent vulnerabilities that can be exploited by hackers. This video demonstrates one potential vulnerability.

New offerings include:

  • HP Assessment Management Platform 8.0 – helps customers reduce costs and mitigate application risk across the enterprise through a distributed, scalable web application security testing platform.
  • HP WebInspect 8.0 – helps customers thoroughly analyze complex web applications. This new release delivers fast, accurate security testing and remediation capabilities for web applications, including those built on emerging Web 2.0 technologies.
  • HP Software-as-a-Service(SaaS) Project Services for Application Security Center – help customers rapidly and cost-effectively implement their application security initiatives with a complete solution maintained and managed by HP.

“The cost of application security breaches, especially those that result in data being compromised, can be substantial,” said Chenxi Wang, principal analyst, Security and Risk Management, Forrester Research, Inc. “Forrester estimates that cost per record for a security breach is approximately $305 for companies in a highly regulated industry. This cost can be prohibitively high for companies that handle hundreds of thousands or millions of data records.”

With the new offerings from HP, IT executives can prioritize security issues by identifying the assets and data that matter most to their business. This approach allows organizations to focus their limited security resources on issues that have the greatest business impact. For example, organizations can prioritize security efforts for applications associated with credit card transactions and bring them into compliance with security guidelines from the Payment Card Industry (PCI).

“To ensure that our web applications are secure, we have incorporated security testing into every facet of our quality assurance and web application development life cycle,” said Erika Pecciotto, executive director of enterprise technology and quality, Sony Pictures Entertainment. “With HP Application Security Center, which is integrated with HP’s quality and performance testing solutions, our team of highly skilled security experts is now able to increase our security capabilities across our 25 development groups.”

Center of Excellence model improves security coverage, cuts costs

HP Assessment Management Platform 8.0 software helps customers set up a Center of Excellence (CoE) for application security. In a CoE model, a small team of security experts helps analyze the results of security tests that are implemented by people that may not have security expertise.

By using this model to test applications for security vulnerabilities within existing development, quality assurance and operations processes, organizations can increase security coverage across the enterprise at minimal cost. In addition, this model helps organizations find and fix security vulnerabilities earlier in the application design process which helps lower costs.

HP Assessment Management Platform 8.0 software helps customers:

  • Prioritize security issues based on the needs of the business, thereby focusing limited resources in areas that are needed the most.
  • Secure more applications with a small team of specialized application security experts by using a CoE model. This is enabled with new reporting capabilities and a new feature that lets users see how a remote scan is proceeding.

HP WebInspect 8.0 and HP Assessment Management Platform 8.0 software, which are based on the same testing and reporting code, help customers:

  • Find and fix security vulnerabilities in Web 2.0 applications with new static analysis capabilities for applications built on the Adobe® Flash platform and path tracing for dynamic JavaScript/Ajax applications.
  • Automate scans that previously could only be completed manually with support for Java™ Model View Control applications and new depth-first crawling capabilities that can find more security vulnerabilities.
  • Save time with automation features for faster assessment setup and out-of-the-box reporting features.

The new HP SaaS for Application Security Center Project Services provide full scanning and penetration testing services that are designed to:

  • Supplement customer security teams during critical projects or peak testing periods.
  • Provide expertise around the scanning requirements of Web 2.0 technologies.
  • Provide guidance on how to build out an effective compliance-driven web application security scanning practice across the entire enterprise.

HP Software Professional Services provides a full line of education, consulting and packaged services to help customers quickly adopt an effective application security program. These services help customers rapidly deploy HP WebInspect software and develop an Application Security Center of Excellence.

In addition, services provided by EDS, an HP company, help customers secure applications to reduce the risk of vulnerabilities. Additionally, Testing and Quality Assurance Services from EDS provide code scanning and application security testing from a global network of testing centers to ensure applications meet business expectations for security.

“HP Application Security Center helps IT organizations manage the growing risk of security breaches that take place through web applications,” said Jonathan Rende, vice president and general manager, Business Technology Optimization Applications, Software and Solutions, HP. “Today’s application modernization efforts are creating a better end-user experience but it may also produce websites that are more vulnerable to hackers.”

Availability

HP WebInspect 8.0 and HP Assessment Management Platform 8.0 are available now as licensed software products. HP Assessment Management Platform is expected to be available through HP SaaS in May.

HP WebInspect 8.0 and HP Assessment Management Platform 8.0 will be demonstrated at the RSA 2009 Conference in San Francisco, April 20-24, booth 246. They will also be featured at HP Software Universe 2009 in Las Vegas, June 16-18.

More information on the product launch is available at www.hp.com/go/stophackers.

About HP

HP, the world’s largest technology company, simplifies the technology experience for consumers and businesses with a portfolio that spans printing, personal computing, software, services and IT infrastructure. More information about HP (NYSE: HPQ) is available at http://www.hp.com.


Adobe is a trademark of Adobe Systems Incorporated. Java is a U.S. trademark of Sun Microsystems, Inc.

This news release contains forward-looking statements that involve risks, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove incorrect, the results of HP and its consolidated subsidiaries could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including but not limited to statements of the plans, strategies and objectives of management for future operations; any statements concerning expected development, performance or market share relating to products and services; any statements regarding anticipated operational and financial results; any statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. Risks, uncertainties and assumptions include macroeconomic and geopolitical trends and events; the execution and performance of contracts by HP and its customers, suppliers and partners; the achievement of expected operational and financial results; and other risks that are described in HP’s filings with the Securities and Exchange Commission, including but not limited to HP’s Annual Report on Form 10-K for the fiscal year ended October 31, 2008. HP assumes no obligation and does not intend to update these forward-looking statements.

© 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.


Editorial contacts:

Jean Kondo, HP: jean.kondo@hp.com

Julie Metting, Burson-Marsteller for HP: julie.metting@bm.com

About HP

HP Inc. creates technology that makes life better for everyone, everywhere. Through our portfolio of printers, PCs, mobile devices, solutions, and services, we engineer experiences that amaze. More information about HP Inc. is available at http://www.hp.com.