Testing application security

25 05 2009

IT security has been an important topic for all CIOs for many years, and testing is part of it. That is why many companies offer security testing and intrusion audits to identify an enterprise's vulnerabilities in order to « correct » them.

But in this little world, I know of nobody who really deals, effectively and operationally, with application security testing!

That is why I am beginning new articles on the topic, so that you can benefit. If you have comments or suggestions, I am listening.

My first article deals with one of my visits to HP, for the presentation of major updates to its software designed to help CIOs reduce the vulnerability of their Web applications. These new offerings are part of HP Application Security Center, a suite of software and services designed to help companies ensure the security of their Web applications by enabling them to discover, correct and prevent vulnerabilities that may be exploited by hackers.

What is HP Application Security Center? It helps developers, quality assurance teams and security professionals detect and correct vulnerabilities and defects quickly and efficiently throughout the application lifecycle. These security testing products provide definitions of a common security strategy, automated security testing, centralized permission control and web access to security information.

Innovations 2009:

HP Assessment Management Platform 8.0 – helps companies reduce costs and risks through a distributed and scalable testing platform for web application security. In addition, HP Assessment Management Platform 8.0 enables companies to:

• Prioritize security concerns based on business goals. New analytical functions help companies identify assets that need to be secured and classify data according to its importance to the business. Incorporating a business allows data to effectively focus the attention of competent security

• Secure more applications with fewer specialist resources through a shared services model. The latter is made possible by comprehensive reporting functions and a new display function that lets teams monitor security scans remotely.

HP WebInspect 8.0 – helps companies analyze complex web applications. This new version brings more speed and reliability to the testing and remediation capabilities ("remediation" is a term used by HP meaning « a cure »; it is not in the French dictionary) for the security of web applications, including those developed with Web 2.0 technologies.

HP Software-as-a-Service (SaaS) for Project Services Application Security Center enables companies to rapidly implement their initiatives to secure applications via a complete solution maintained and managed by HP.

The new HP offerings enable CIOs to prioritize threats based on their business goals. This approach makes it possible to concentrate often limited resources on protecting the most important assets. For example, an organization can identify applications associated with processing credit card transactions and focus its efforts on improving their security in order to comply with the recommendations of the payment card industry (PCI DSS for example).

Thus, experts supervise the whole process of securing the enterprise and help to analyze the results of security tests. This model helps companies enhance the security of their information systems by carrying out testing within existing development, quality assurance and operations processes. Because finding and correcting vulnerabilities early in the design process can reduce costs, this model helps companies enhance the security of their information systems at lower cost, industrialising security tests across the entire application life cycle.

HP WebInspect 8.0 software and HP Assessment Management Platform 8.0 are based on the same scanning and reporting infrastructure. Both help companies:

• Find and fix vulnerabilities in Web 2.0 applications, with static analysis functions for applications built on the Adobe Flash® platform and dynamic monitoring for JavaScript/Ajax applications.

• Implement automatic scans that could not hitherto be performed manually. This concerns, in particular, in-depth monitoring for Java™ Model View Control.

• Save time with many automation functions, allowing more rapid tests, and ready-to-use reporting functions.

• The new HP SaaS for Project Services Application Security Center offering helps companies quickly start using HP Application Security Center, on demand.