Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
HP Newsroom  >  News releases

News release


Company information

» Newsroom home
» News releases
  » Online press kits
  » Media relations contacts
  » Executive leadership
  » Newsroom archive
  » Videos
  » B-roll
  » Blogs
  » RSS feeds
Company info
  » Fast facts
  » Financial information
  » Global citizenship
  » HP Labs
  » Company history
More info
  » In the news
  » Awards
  » Student inquiries
  » Recalls and replacement programs
  » Trademarks

Content starts here

HP Helps Businesses Defend Against Malicious Web Attacks with New Application Security Offerings

PALO ALTO, Calif., May 27, 2008

HP today announced major updates to its application security software as well as a new software-as-a-service offering to help businesses minimize the risk of security breaches due to hacker attacks and safeguard against theft of sensitive customer information.

The new release of HP Application Security Center helps organizations discover, fix and prevent security vulnerabilities in their web applications. New features in the software help bridge the gaps that exist among development, quality assurance, operations and security teams within an IT organization.

This lifecycle approach helps companies comply with government and industry regulations, such as the Federal Information Security Management Act, the Health Insurance Portability and Accountability Act, the Payment Card Industry Data Security Standard, and the European Union Directive on Privacy and Electronic Communications.

"While customer-facing applications may be the lifeblood of a business, if they are not secured, they can provide an open door for hackers to a company's most sensitive data," said Joseph Feiman, vice president and Gartner fellow, Gartner. "Organizations must not only find security vulnerabilities in their applications, they must fix them and be vigilant about prevention throughout the application lifecycle, from requirements definition, development and testing, through production."

In a recent survey of 1,000 IT professionals worldwide, 80 percent said that responsibility for application security falls to their security or operations teams, while less than 27 percent said that their development or quality assurance teams share the responsibility.(1)

"Technology underpins our entire business, and our IT organization strives to deliver predictable outcomes," said Christopher Rence, chief information officer and vice president, Fair Isaac Corporation. "One of the solutions we rely upon to do this is HP Application Security Center, which provides a comprehensive capability for testing, remediation and prevention throughout our development lifecycle."

According to the Web Application Security Consortium, an international group of application security experts and industry practitioners, more than 40 percent of web hacking incidents are aimed at stealing personal information. Such "personal records" are easily traded on the Internet, which makes them the easiest virtual commodity to exchange for money.(2)

Customer adoption

Since the acquisition of SPI Dynamics in 2007, HP has increased its investment in research, product enhancements and new services in the application security area, boosting customer adoption. As a result, five of the top six banks, three of the top four food market companies, four of the top six insurance companies, and five of the top seven public companies in the world, as ranked by the Forbes Global 2000(3) use HP Application Security Center to protect their web applications from security threats.

"As a mobile data services provider, our clients require applications that are ready when needed, highly available and secure," said Jes Beirholm, director of information security at Denmark-based End2End VAS ApS. "HP Application Security Center helps us stay ahead of potential security issues so we can provide our customers thoroughly tested services and applications. It also helps us deliver on time by reducing our security testing time from a week to one hour."

New research helps businesses stay ahead of hacker threats

To help organizations stay ahead of the ever-changing security threats hackers invent every day, the HP Web Security Research Group, which includes many renowned experts in the security field, has added and updated checks in HP Application Security Center for rich Internet applications, including critical vulnerabilities in Apache and MySpace plug-ins.

The new security checks are automatically updated for existing customers within 24 hours. In addition, the group researched new security issues for Web 2.0 technologies, including Asynchronous JavaScript and XML (AJAX), Adobe® Flash and Microsoft® Silverlight.

Major product updates boost lifecycle approach to application security

HP Application Security Center includes HP Assessment Management Platform as the foundation of the solution, with HP DevInspect for developers, HP QAInspect for quality assurance teams and HP WebInspect for operations and security experts. This allows customers to successfully find, fix and prevent security vulnerabilities. Enhancements to HP Application Security Center increase efficiency for these teams and help them integrate these security practices into their existing application lifecycle processes.

  • HP DevInspect provides improved hybrid analysis that combines static and dynamic analysis to help find the true vulnerabilities. Remediation efforts can then be focused on the highest risk security defects. It provides a clear path for developers to build secure code within their integrated development environments. Support is available for Microsoft Visual Studio 2008, Visual Studio 2005 and Eclipse.
  • HP QAInspect includes the first advanced security defect management capability integrated with market-leading HP Quality Center software. With defect staging and consolidation capabilities, application teams can filter, prioritize and assign defects based on risk to the business. This makes security defect information available to the whole application lifecycle team, including development, quality assurance, operations and security. Security problems are then detected and fixed more rapidly.
  • HP WebInspect has been enhanced with faster runtimes and improved scanning accuracy for the security vulnerabilities that hackers most frequently exploit. These include cross-site scripting and SQL injection. This helps IT operations and security teams more efficiently find and fix the security defects that matter.

New software as a service offering

HP Assessment Management Platform, the foundation of HP Application Security Center, will be offered through HP Software-as-a-Service (SaaS). Customers can quickly and cost-effectively centralize all of their web application security assessment programs into a complete solution maintained and managed by HP SaaS.

"Hacker attacks are a critical concern for IT organizations of all sizes. Now customers can get up and running quickly and involve the right teams to minimize this risk," said Jonathan Rende, vice president of products, Software, HP. "HP is helping customers address their biggest application security challenges with new software-as-a-service offerings, product enhancements and research breakthroughs from our security experts."

HP also provides turnkey web application security assessment and penetration testing services performed by application security experts. These services use the HP SaaS offering to accelerate the assessment of an application's vulnerabilities and help customers reduce and manage risks associated with web applications that affect their business.


Enhancements to HP Application Security Center are available today. The new services are planned to be available in August.

HP Application Security Center is part of the HP Secure Advantage portfolio, which helps organizations improve protection of data and resources while validating regulatory compliance across their entire infrastructure.

To learn more, download a whitepaper on preventing malicious web attacks at www.hp.com/go/stophackers.

About HP

HP focuses on simplifying technology experiences for all of its customers - from individual consumers to the largest businesses. With a portfolio that spans printing, personal computing, software, services and IT infrastructure, HP is among the world's largest IT companies, with revenue totaling $110.4 billion for the four fiscal quarters ended April 30, 2008. More information about HP (NYSE: HPQ) is available at http://www.hp.com.

(1) Vanson Bourne, Survey, May 2008.
(2) Web Application Security Consortium, "The Web Hacking Incidents Database 2007 Annual Report," February 2008.
(3) Forbes, "The Global 2000," April 2008.

Adobe is a trademark of Adobe Systems Inc. Microsoft is a U.S. registered trademark of Microsoft Corp.

This news release contains forward-looking statements that involve risks, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove incorrect, the results of HP and its consolidated subsidiaries could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including but not limited to statements of the plans, strategies and objectives of management for future operations; any statements concerning expected development, performance or market share relating to products and services; anticipated operational and financial results; any statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. Risks, uncertainties and assumptions include the execution and performance of contracts by HP and its customers, suppliers and partners; the achievement of expected results; and other risks that are described in HP's Quarterly Report on Form 10-Q for the fiscal quarter ended January 31, 2008 and HP's other filings with the Securities and Exchange Commission, including but not limited to HP's Annual Report on Form 10-K for the fiscal year ended October 31, 2007. HP assumes no obligation and does not intend to update these forward-looking statements.

© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2012 Hewlett-Packard Development Company, L.P.