HP Application Security Testing as-a-Service

Download PDF
2 downloads 214 Views 78KB Size Report
Comment
application that sits behind the corporate firewall in a secure data center is still not safe ... vulnerabilities in 19
Fact Sheet

HP Application Security Testing as-aService Secure the application layer with minimal upfront investment Overview The HP Application Security Testing-as-a-Service secures the enterprise by finding and fixing security vulnerabilities with minimal upfront investment. It combines HP’s security testing expertise with market-leading software tools, processes and best practices into an as-a-service model to reduce the risk, time and investment needed to deliver software security assurance and protect the enterprise. Many companies focus on protecting their networks, infrastructure and data centers with physical security and firewalls. However, an application that sits behind the corporate firewall in a secure data center is still not safe from attacks. New research conducted on behalf of HP demonstrates that executives rank applications as the third most dangerous vulnerability to their organizations, behind platform and network vulnerabilities.(1) Securing more applications in less time HP Application Security Testing-as-a-Service offers a highly available delivery model that provides flexibility in service consumption, allowing clients to scale security testing to cover more applications in less time. Code scanning and web penetration services are delivered using HP Fortify Static Code Analyzer and HP WebInspect, key components of the new HP Fortify Software Security Center. These services scan application source code and web-based applications to identify security vulnerabilities that might be exploited to gain access to sensitive data. HP security specialists eliminate false positive occurrences from the vulnerabilities identified, enabling clients to focus on securing the weaknesses within their applications. Identifying and prioritizing critical issues HP Application Security Testing-as-a-Service finds exploitable security vulnerabilities in web applications, web services, thick-client software,

1/2

Editorial Contacts Jennifer Harbour, HP +1 281 518 9632 [email protected] Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304 www.hp.com

Fact Sheet

mobile or server applications. In addition, the service detects software vulnerabilities in 19 programming languages and any web application technology. The service enables clients to determine where to focus limited development resources by prioritizing the most critical issues. To accelerate remediation, the service identifies the root cause of vulnerabilities. In addition, detailed reports reflecting security snapshots and trends help clients comply with government and industry regulations, as well as standards and policies. HP Application Security Testing-as-a-Service can be delivered onsite at client locations or from HP global delivery centers located around the world. HP offers a balanced, global network of testing centers of excellence that help clients deliver the application fundamentals of functional quality, performance and security. Pricing and availability HP Application Security Testing-as-a- Service is available worldwide today. The service is a utility-based model that is priced per application or site scanned. Additional information can be found at www.hp.com/go/applicationsecurityservices. (1) “HP Research: Enterprise Risk,” Coleman Parkes Research Ltd., July 2011.

© 2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

2/2