AMSTELVEEN, 27 mei 2008 – HP heeft vandaag een aantal grote updates aangekondigd in haar beveiligingssoftware voor webapplicaties: HP Application Security Center. Daarmee kunnen bedrijven de risico’s van inbreuk door aanvallen van hackers minimaliseren en hun organisatie beveiligen tegen het stelen van gevoelige informatie over klanten. Tevens biedt HP de mogelijkheid om het assessment platform, waarvan de nieuwe software onderdeel uitmaakt, af te nemen als een Software as a Service.
De nieuwe versie van HP’s Application Security Center helpt organisaties bij het opsporen, repareren en voorkomen van beveiligingslekken in hun webtoepassingen gedurende elke fase van de levenscyclus van deze applicaties. Met HP DevInspect voor developers, HP QAInspect voor quality assurance teams en HP WebInspect voor operational and security experts. Dit helpt bedrijven om het ontwikkelproces te verbeteren en vooral ook te voldoen aan wet- en regelgeving vanuit de overheid en de industrie.
HP Assessment Management Platform, de basis voor HP Application Security Center, wordt ook aangeboden als Software as a Service. Klanten kunnen zo snel en kosteneffectief alle beveiligingsprocedures voor de webapplicaties centraliseren in een omgeving die volledig door HP SaaS wordt beheerd en onderhouden.
“Deze klantgerichte toepassingen zijn de levensader van een organisatie. Indien niet goed beveiligd, vormen zij een open deur voor hackers om binnen te wandelen en toegang te hebben tot de meest gevoelige data van de organisatie,” aldus Joseph Feiman, vice president en fellow bij Gartner. “Organisaties moeten niet alleen de gevoeligheden in hun toepassingen opsporen, maar deze ook direct repareren en waakzaam zijn op het gebied van preventie gedurende de hele levenscyclus van de applicatie. Vanaf de eerste fase, het vaststellen van het eisenpakket, via de ontwikkeling, testen, tot en met productie van de applicatie.”
Recent onderzoek onder 1.000 IT-professionals toont aan dat 80% aangeeft dat de verantwoordelijkheid voor de beveiliging van applicaties onder hun beveiliging of operationele teams valt. Slechts 27% gaf aan dat de verantwoordelijkheid hiervoor gedeeld wordt door hun development en kwaliteitsmanagement teams.
(1) Volgens het Web Application Security Consortium, een internationale groep van experts op het gebied van beveiliging van webapplicaties, richt meer dan 40% van de computerkraken zich op het stelen van persoonlijke informatie van klanten. Deze ‘ persoonsgegevens’ zijn gemakkelijk verhandelbaar op het Internet, waarmee ze gemakkelijk zijn om te zetten in geld.
(2)-- -- -- vervolg persbericht in het Engels Customer adoption Since the acquisition of SPI Dynamics in 2007, HP has increased its investment in research, product enhancements and new services in the application security area, boosting customer adoption. As a result, five of the top six banks, three of the top four food market companies, four of the top six insurance companies, and five of the top seven public companies in the world, as ranked by the Forbes Global 2000
(3) use HP Application Security Center to protect their web applications from security threats.
“As a mobile data services provider, our clients require applications that are ready when needed, highly available and secure,” said Jes Beirholm, director of information security at Denmark-based End2End VAS ApS. “HP Application Security Center helps us stay ahead of potential security issues so we can provide our customers thoroughly tested services and applications. It also helps us deliver on time by reducing our security testing time from a week to one hour.”
New research helps businesses stay ahead of hacker threats To help organizations stay ahead of the ever-changing security threats hackers invent every day, the HP Web Security Research Group, which includes many renowned experts in the security field, has added and updated checks in HP Application Security Center for rich Internet applications, including critical vulnerabilities in Apache and MySpace plug-ins.
The new security checks are automatically updated for existing customers within 24 hours. In addition, the group researched new security issues for Web 2.0 technologies, including Asynchronous JavaScript and XML (AJAX), Adobe® Flash and Microsoft® Silverlight.
Major product updates boost lifecycle approach to application security HP Application Security Center includes HP Assessment Management Platform as the foundation of the solution, with HP DevInspect for developers, HP QAInspect for quality assurance teams and HP WebInspect for operations and security experts. This allows customers to successfully find, fix and prevent security vulnerabilities. Enhancements to HP Application Security Center increase efficiency for these teams and help them integrate these security practices into their existing application lifecycle processes.
- HP DevInspect provides improved hybrid analysis that combines static and dynamic analysis to help find the true vulnerabilities. Remediation efforts can then be focused on the highest risk security defects. It provides a clear path for developers to build secure code within their integrated development environments. Support is available for Microsoft Visual Studio 2008, Visual Studio 2005 and Eclipse.
- HP QAInspect includes the first advanced security defect management capability integrated with market-leading HP Quality Center software. With defect staging and consolidation capabilities, application teams can filter, prioritize and assign defects based on risk to the business. This makes security defect information available to the whole application lifecycle team, including development, quality assurance, operations and security. Security problems are then detected and fixed more rapidly.
- HP WebInspect has been enhanced with faster runtimes and improved scanning accuracy for the security vulnerabilities that hackers most frequently exploit. These include cross-site scripting and SQL injection. This helps IT operations and security teams more efficiently find and fix the security defects that matter.
New software as a service offering HP Assessment Management Platform, the foundation of HP Application Security Center, will be offered through
HP Software-as-a-Service (SaaS). Customers can quickly and cost-effectively centralize all of their web application security assessment programs into a complete solution maintained and managed by HP SaaS.
“Hacker attacks are a critical concern for IT organizations of all sizes. Now customers can get up and running quickly and involve the right teams to minimize this risk,” said Jonathan Rende, vice president of products, Software, HP. “HP is helping customers address their biggest application security challenges with new software-as-a-service offerings, product enhancements and research breakthroughs from our security experts.”
HP also provides turnkey web application security assessment and penetration testing services performed by application security experts. These services use the HP SaaS offering to accelerate the assessment of an application’s vulnerabilities and help customers reduce and manage risks associated with web applications that affect their business.
Availability Enhancements to HP Application Security Center are available today. The new services are planned to be available in August. HP Application Security Center is part of the
HP Secure Advantage portfolio, which helps organizations improve protection of data and resources while validating regulatory compliance across their entire infrastructure.
To learn more, download a whitepaper on preventing malicious web attacks at
www.hp.com/go/stophackers.
Over HP HP maakt het gebruik van technologie eenvoudiger voor al haar klanten – van de individuele consument tot de grootste multinational. Met een breed portfolio op het gebied van printing, personal computing, software, services en IT infrastructuur behoort HP tot ’s werelds grootste IT-bedrijven. HP behaalde wereldwijd een omzet van $ 110,4 miljard over de laatste vier kwartalen, eindigend op 30 april 2008.
Meer informatie over HP (NYSE: HPQ), inclusief links naar RSS feeds, is te vinden op
www.hp.com/hpinfo/newsroom.
Contactpersonen voor de redactie: Hewlett-Packard Herbert Wormgoor
06 - 52494265
Herbert.wormgoor@hp.comof
Hill & Knowlton Kalle Siebring
020 - 404 47 07
ksiebring@hillandknowlton.com
(1) Vanson Bourne, Survey, May 2008.
(2) Web Application Security Consortium, “The Web Hacking Incidents Database 2007 Annual Report,” February 2008.
(3) Forbes, “The Global 2000,” April 2008.
Adobe is a trademark of Adobe Systems Inc. Microsoft is a U.S. registered trademark of Microsoft Corp.
This news release contains forward-looking statements that involve risks, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove incorrect, the results of HP and its consolidated subsidiaries could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including but not limited to statements of the plans, strategies and objectives of management for future operations; any statements concerning expected development, performance or market share relating to products and services; anticipated operational and financial results; any statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. Risks, uncertainties and assumptions include the execution and performance of contracts by HP and its customers, suppliers and partners; the achievement of expected results; and other risks that are described in HP’s Quarterly Report on Form 10-Q for the fiscal quarter ended January 31, 2008 and HP’s other filings with the Securities and Exchange Commission, including but not limited to HP’s Annual Report on Form 10-K for the fiscal year ended October 31, 2007. HP assumes no obligation and does not intend to update these forward-looking statements.