HP Application Security Center

HP Application Security Center (ASC) was a set of technology solutions by HP Software Division. Much of the portfolio for this solution suite came from HP's acquisition of SPI Dynamics.^[1] The software solutions enabled developers, quality assurance (QA) teams and security experts to conduct web application security testing and remediation. The security products have been repackaged as enterprise security products from the HP Enterprise Security Products business in the HP Software Division.^[2]

Products

HP Application Security Center consisted of the following products:

• HP Assessment Management Platform software for managing a web application security testing program across the application lifecycle^[3]
• HP WebInspect software for web application security testing and assessment^[4]
• HP QAInspect software for standardized web application security testing during quality assurance (QA) testing^[5]

In May 2008, HP Software announced the availability of HP Application Security Center through HP Software as a Service [^[6]] along with the announcement of new releases of the HP Application Security Center products.^[7]

In September 2009, HP announced that it was discontinuing the HP DevInspect software products, formerly part of HP Application Security Center.^[8] HP stated that it had switched its focus to solutions for entire development groups rather than on a tool for individual developers. HP DevInspect was software for individual developers to use in creating secure web applications and services, and it integrated with specific IDEs (Integrated Development Environments). HP DevInspect for .NET operated with Microsoft Visual Studio, and HP DevInspect for Java operated with Eclipse or Rational (IBM) Application Developer.^[9]

Benefits

HP Application Security Center solutions helped find and fix security vulnerabilities for web applications throughout the application software development lifecycle (SDLC). By catching security vulnerabilities early in the application development lifecycle, organizations could reduce web attacks and vulnerabilities in their web applications. While some security vulnerabilities may exist in the web server or application infrastructure, at least 80 percent of those vulnerabilities existed in the web application itself.^[10]

HP Application Security Center also creates compliance reports for more than 20 laws, regulations and best practices, including PCI DSS (Payment Card Industry Data Security Standard).^[11] PCI DSS is a worldwide information security standard defined by the Payment Card Industry Security Standards Council.

More Information on Application Security

• Application security
• SQL injection
• Cross-site scripting
• PCI DSS Payment Card Industry Data Security Standard

External links

• HP Software
• HP Enterprise Security

References

1. ↑ HP to acquire SPI Dynamics for Web security, June 19, 2007 By SearchSecurity.com Staff
2. ↑ http://www.esecurityplanet.com/network-security/hp-integrates-enterprise-security-framework.html
3. ↑ “HP Assessment Management Platform (AMP) software”
4. ↑ “HP Application Security Center WebInspect”
5. ↑ "HP QA Inspect"
6. ↑ HP Application Security Goes SAAS, May 27, 2008 By Brian Prince
7. ↑ HP Helps Businesses Defend Against Malicious Web Attacks with New Application Security Offerings, May 27, 2008
8. ↑ “HP DevInspect for Java & HP DevInspect for .NET discontinuance letter
9. ↑ “HP DevInspect software
10. ↑ “Web apps account for 80 percent of internet vulnerabilities.”
11. ↑ “HP Application Security Center and the Payment Card Industry (PCI) Data Security Standard (DSS)”