HP's App Security Center Upgraded and Delivered as a Service
- By John K. Waters
- 05/29/08
Hewlett-Packard may not be the first name that comes to mind when the conversation turns to application security, but since its acquisition of SPI Dynamics last year, HP has increased its investment in research, product enhancements, and new services in the application security area.
This week, for example, the Palo Alto, CA-based company is showing off new features in its Web application security suite, called Application Security Center, along with a new Software as a Service (SaaS) delivery model.
"When it comes to security, organizations have traditionally focused on their networks, deploying firewall technologies, or locking down their servers by deploying host or network IDS or IPS technology," said Erik Peterson, director of products for HP's Application Security Center group. "But they haven't been watching their applications, which have emerged as the soft underbelly of the Internet."
The HP app security group was born with the SPI Dynamics acquisition last September. Peterson is a former VP of the acquired company.
The Application Security Center comprises four products designed to work together to fit into different phases of the application development lifecycle, Peterson explained. "There's this classic gap between the security teams and the application teams," he said in a recent interview. "We're bridging that gap by approaching security from a lifecycle perspective. Our goal is to provide an organization with the tools they need to lock down, secure, and test their Web applications for security defects from that perspective."
Those products include the HP Assessment Management Platform, the solution's foundation; HP DevInspect, a tool for developers; HP QAInspect, which is aimed at quality assurance teams; and HP WebInspect, for the operations and security experts.
The developer component, DevInspect, is designed to integrate with Microsoft's Visual Studio 2008 and Visual Studio 2005, as well as Eclipse, and to provide security testing capabilities from within these familiar tools. DevInspect 5.0, which is part of this week's announcement, employs an improved "hybrid analysis" technology. This technology combines black box testing and dynamic analysis capabilities in a single tool.