HP offers security as a service

Updates are made to HP's Application Security Center software.

HP’s Assessment Management Platform, which brings together all of HP’s security products, will now be offered as a software-as-a-service package to enable firms to accelerate the deployment of web applications.

The platform aggregates web application security data across an organisation. It combines HP's DevInspect software for developers, QAInspect software for quality assurance professionals and WebInspect software for security professionals.

Updated security checks have been added to the management platform for rich Internet applications, such as vulnerabilities in Apache and MySpace plug-ins.

DevInspect will now combine both static and dynamic analysis to ensure the highest risk security vulnerabilities are fixed first by developers.

Static analysis, which scrutinises the source code developers write, will be updated with options to test code, such as Ajax, as well as advanced JavaScript. These capabilities will be added to firms’ current ability to test dynamically, which Dennis Hurst, Application Security Center developer, described as “testing a web application the same way a hacker will attack it”.

QAInspect now includes an integrated security defect management capability with the Quality Center software. “The integration, which has been underway for the last four years, is now seamless,” said Hurst.

“This means instead of quality assurance teams testing a website manually and then pasting the security defects in a Quality Center, it is all done automatically,” he added. The updates are aimed at allowing security problems to be fixed faster and to save assurance teams time.

WebInspect has also been enhanced with faster runtimes and improved scanning accuracy. Hurst estimated the increased speed should save security experts around 25 per cent of their time in finding and fixing security defects.