How to stay one step ahead of hackers

 


Companies can spend big bucks developing high-performance Web applications that let customers do business whenever and wherever they choose. But allowing customers 24x7 access to applications also invites malicious hackers seeking a potential windfall that comes with exploiting your corporate and customer data.

Many businesses find they have more Web applications and vulnerabilities than security professionals to test them, and security testing often doesn't happen until an application is already in production. Unless you test for security at every phase of each application's lifecycle, your data may be more vulnerable than you realise.

Companies use firewalls and intrusion detection technology to protect their assets. But these measures alone are not enough. Web applications introduce vulnerabilities by allowing access to an organisation's systems and information. Experts estimate that a majority of security breaches happen within applications. That means that many Web applications in use today include serious vulnerabilities that can expose businesses to financial and legal risk.

It isn't just external applications that can carry vulnerabilities. Internal applications used by your employees can introduce the same security risks as external applications. 

All Web applications need to meet functional and performance standards and be highly secure. One way to achieve real security is to incorporate security testing into each phase of an application's lifecycle, from development to quality assurance to deployment, and continually in operations.

The business case for secure applications

The potential costs of unsecured Web applications can add up fast. The inability to conduct business during a denial-of-service attack, exposure of confidential data and loss of customer and shareholder confidence can erode your bottom line. Security gaps created by vulnerable Web applications cost industry untold millions every year. That's in addition to the long-term cost to your brand caused by diminished customer confidence in your product or service.

Companies can open themselves to huge legal fines and liabilities by leaving unsecured applications in place. Compliance laws like Sarbanes-Oxley, the Health Insurance Portability and Accountability Act, Gramm-Leach-Bliley, and European Union privacy regulations all require demonstrable, verifiable security, especially at the application level. 

The lifecycle approach to application security testing

Web applications need to start secure to stay secure. In other words, they should be built using secure coding practices, tested in QA for security vulnerabilities and continually monitored in production. This is known as a lifecycle approach to application security.

This approach saves money and effort by promoting more secure applications. Remediating security defects after an application is released requires additional time and resources, adding unanticipated costs to finished projects. It also diverts attention from other projects, potentially delaying time to market of new products and services.

The HP software solution

  • HP DevInspect Software - simplifies security for developers by automatically finding and fixing application vulnerabilities and enabling developers to build secure Web applications and Web services quickly and easily, without impacting schedules or requiring security expertise
  • HP QAInspect Software - enables QA professionals to incorporate fully automated Web application security testing into the overall test management process without requiring QA people to be security specialists
  • HP WebInspect Software - analyses complex Web applications built on emerging Web 2.0 technologies. The product's new architecture delivers fast scanning capabilities, broad assessment coverage and accurate results
  • HP Assessment Management Platform Software - performs unlimited, automated Web application security testing and scanning assessments while consolidating information into a real-time, high-level, dashboard view of your company's current risk posture and policy compliance

These technologies use HP's Smart Update capability, which continually updates the product as new hacks or vulnerabilities are discovered. 

Organisations that take a lifecycle approach to Web application security can feel more confident about application security, which can lead to higher returns on e-business investments, happier customers and improved bottom-line performance.

Related Links

»  HP Application Security Center
»  HP Closes SPI Dynamics acquisition

Download

»  HP security assessment technology solution brief (PDF, 262 KB)
»  HP DevInspect software data sheet (PDF, 351 KB)
»  HP QAInspect software data sheet (PDF, 381 KB)
»  HP WebInspect software data sheet (PDF, 571 KB) 

© 2008 Hewlett-Packard Development Company, L.P.