Press Release: June 03, 2013

HP Helps Customers Worldwide Secure Critical Applications

Novagalicia Banco and OutSystems choose HP Fortify solutions with both on-premises and SaaS-based delivery of secure application development

PALO ALTO, Calif. — HP today announced that Spanish bank Novagalicia Banco and application delivery platform provider OutSystems have selected HP Fortify solutions to proactively build software security assurance practices into the development life cycle of critical web and mobile applications.

With the growing volume and tenacity of security hacks targeting applications, organizations must reevaluate their defense strategies. As noted in the HP 2012 Cyber Risk Report, the majority of exploitable vulnerabilities primarily or exclusively impacted web applications, and accounted for 40 percent of overall vulnerability disclosures in 2012. The report also notes that the widespread adoption of mobile devices running custom applications has resulted in an increase of vulnerability disclosures of nearly 800 percent in the last five years alone.

HP Fortify helps customers reduce their security risk by offering both on-premises and Software-as-a-Service (SaaS)-based solutions to identify, prioritize and remediate application vulnerabilities. The solutions also enable organizations to save time and resources by eliminating risks in the early stages of the application development process, when vulnerabilities are easier and less expensive to fix.

Delivering scalability, usability to secure application development

When Novagalicia Banco was created as a result of a company merger, the Information Security department was faced with the daunting task of integrating and securing its application ecosystem.

Novagalicia Banco selected HP Fortify on Demand to provide the usability, scalability and reliability needed to ease the transition while securing its diverse application landscape. In addition, HP Fortify on Demand is helping the bank to exceed compliance requirements by building certain Payment Card Industry (PCI) standards into the early stages of application architecture and design.

“We were in search of a security solution that was capable of analyzing a large amount of code, with minimal adaptation, and worked across many programming languages,” said Roberto Baratta, chief information security officer, Novagalicia Banco. “HP Fortify on Demand not only helps us improve the security of our applications, it also increases our developers’ awareness of security issues and their use of best practices, which are key components of PCI compliance as well as internal and external audits.”

Today, Novagalicia Banco uses HP Fortify on Demand to run ad-hoc analyses on the source code of approximately 400 applications, including critical areas such as mobile banking, e-banking, payment gateways, corporate websites and wire transfers. The security-as-a-service (SaaS) testing solution accelerates the identification of errors by providing an in-depth level of code detail, enabling faster threat mitigation and reducing risk across the application environment.

HP Fortify on Demand has increased awareness of secure design and programming by involving Novagalicia Banco’s development teams from the onset of the “security by design” process. As the organization develops more applications, the SaaS solution will continue to play an evolutionary role in helping the Information Security team adjust to the current threat landscape, identify vulnerabilities and build secure solutions.

To address growth opportunities, the cloud-based SaaS model of HP Fortify on Demand gives Novagalicia Banco the flexibility to easily scale its implementation as needed, without having to make dedicated investments in hardware or software.

Reinforcing security in an enterprise application delivery platform

As the threat of application vulnerabilities continues to rise, OutSystems looked to reinforce the security of the web and mobile applications deployed by its customers.

OutSystems selected HP Fortify to address the need for enhanced security testing capabilities from design to production, ensuring the delivery of inherently secure enterprise web and mobile applications with the OutSystems® Platform. HP Fortify was selected due to its popularity among OutSystems’ customers, and its ability to support vulnerability scanning of the native Microsoft® .NET and Java code stacks generated by the OutSystems Platform. Vulnerability-scanning capabilities for different code stacks give customers greater choice and the ability to help address their unique needs.

“We needed a way to help our customers take advantage of industry-leading security standards and ensure that the enterprise web and mobile applications they deliver with the OutSystems Platform contain no known security vulnerabilities,” said David Holmes, vice president, Worldwide Marketing, OutSystems. “Through our adoption of HP Fortify, our customers can now build and maintain secure applications while eliminating the risk of oversight that is often present when code is written by hand or built outside of the IT department’s control.”

By using HP Fortify Static Code Analyzer (SCA) to systematically validate the security of web and mobile applications generated by the OutSystems Platform, the OutSystems Research and Development (R&D) team was able to define key security acceptance criteria. As a result, any vulnerabilities found in the generated code during testing can quickly be detected and remediated by the OutSystems R&D team to ensure that all applications generated by the OutSystems Platform are inherently secure.

“Organizations often lose time and money by failing to incorporate security processes into the early stages of application development,” said Mike Armistead, vice president and general manager, Enterprise Security Products, Fortify, HP. “HP Fortify solutions deliver comprehensive software security assurance to thousands of customers around the world, quickly and effectively reducing risk, proactively meeting compliance requirements, and integrating critical security processes into the software development life cycle.”

HP Security Research (HPSR) provides the intelligence that powers the HP Fortify portfolio of software security products, allowing customers to benefit from the latest in security research. HP Fortify Software Security Content supports nearly 600 vulnerability categories across 21 programming languages, and spans more than 715,000 individual Application Programming Interfaces (APIs).

HP’s premier America’s client event, HP Discover, takes place June 11-13 in Las Vegas.

HP’s annual enterprise security event, HP Protect, will take place Sept. 16-19 in Washington, D.C.

Microsoft is a U.S. registered trademark of Microsoft Corporation. Java is a registered trademark of Oracle and/or its affiliates.

This news release contains forward-looking statements that involve risks, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove incorrect, the results of HP and its consolidated subsidiaries could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including but not limited to statements of the plans, strategies and objectives of management for future operations; any statements concerning expected development, performance, market share or competitive performance relating to products and services; any statements regarding anticipated operational and financial results; any statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. Risks, uncertainties and assumptions include macroeconomic and geopolitical trends and events; the competitive pressures faced by HP’s businesses; the development and transition of new products and services and the enhancement of existing products and services to meet customer needs and respond to emerging technological trends; the execution and performance of contracts by HP and its customers, suppliers and partners; the protection of HP's intellectual property assets, including intellectual property licensed from third parties; integration and other risks associated with business combination and investment transactions; the hiring and retention of key employees; assumptions related to pension and other post-retirement costs and retirement programs; the execution, timing and results of restructuring plans, including estimates and assumptions related to the cost and the anticipated benefits of implementing those plans; the resolution of pending investigations, claims and disputes; and other risks that are described in HP’s filings with the Securities and Exchange Commission, including HP’s Annual Report on Form 10-K for the fiscal year ended October 31, 2012.  HP assumes no obligation and does not intend to update these forward-looking statements.

© 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Media contacts

About HP

HP Inc. creates technology that makes life better for everyone, everywhere. Through our portfolio of printers, PCs, mobile devices, solutions, and services, we engineer experiences that amaze. More information about HP Inc. is available at