HP Application Security Center

HP Application Security Center (ASC) was a set of technology solutions by HP Software Division. Much of the portfolio for this solution suite came from HP's acquisition of SPI Dynamics. [1] The software solutions enabled developers, quality assurance (QA) teams and security experts to conduct web application security testing and remediation. The security products have been repackaged as enterprise security products from the HP Enterprise Security Products business in the HP Software Division. [2]

Products

HP Application Security Center consisted of the following products:

In May 2008, HP Software announced the availability of HP Application Security Center through HP Software as a Service [6] along with the announcement of new releases of the HP Application Security Center products. [7]

In September 2009, HP announced that it was discontinuing the HP DevInspect software products, formerly part of HP Application Security Center. [8] HP stated that it had switched its focus to solutions for entire development groups rather than on a tool for individual developers. HP DevInspect was software for individual developers to use in creating secure web applications and services, and it integrated with specific IDEs (Integrated Development Environments). HP DevInspect for .NET operated with Microsoft Visual Studio, and HP DevInspect for Java operated with Eclipse or Rational (IBM) Application Developer. [9]

Benefits

HP Application Security Center solutions helped find and fix security vulnerabilities for web applications throughout the application software development lifecycle (SDLC). By catching security vulnerabilities early in the application development lifecycle, organizations could reduce web attacks and vulnerabilities in their web applications. While some security vulnerabilities may exist in the web server or application infrastructure, at least 80 percent of those vulnerabilities existed in the web application itself. [10]

HP Application Security Center also created compliance reports for more than 20 laws, regulations and best practices, including PCI DSS (Payment Card Industry Data Security Standard). [11] PCI DSS is a worldwide information security standard defined by the Payment Card Industry Security Standards Council.

Related Research Articles

Tokenization (data security): Concept in data security

Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no intrinsic or exploitable meaning or value. The token is a reference that maps back to the sensitive data through a tokenization system. The mapping from original data to a token uses methods that render tokens infeasible to reverse in the absence of the tokenization system, for example using tokens created from random numbers. A one-way cryptographic function is used to convert the original data into tokens, making it difficult to recreate the original data without obtaining entry to the tokenization system's resources. To deliver such services, the system maintains a vault database of tokens that are connected to the corresponding sensitive data. Protecting the system vault is vital to the system, and improved processes must be put in place to offer database integrity and physical security.

The Open Worldwide Application Security Project (OWASP) is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of IoT, system software and web application security. The OWASP provides free and open resources. It is led by a non-profit called The OWASP Foundation. The OWASP Top 10 - 2021 is the published result of recent research based on comprehensive data compiled from over 40 partner organizations.

Mercury Interactive: Israeli company

Mercury Interactive Corporation was an Israeli company acquired by the HP Software Division. Mercury offered software for application management, application delivery, change and configuration management, service-oriented architecture, change request, quality assurance, and IT governance.

Information security standards or cyber security standards are techniques generally outlined in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

The Payment Card Industry Data Security Standard is an information security standard used to handle credit cards from major card brands. The standard is administered by the Payment Card Industry Security Standards Council, and its use is mandated by the card brands. It was created to better control cardholder data and reduce credit card fraud. Validation of compliance is performed annually or quarterly with a method suited to the volume of transactions:

SAINT is computer software used for scanning computer networks for security vulnerabilities, and exploiting found vulnerabilities.

OpenText Quality Center, formerly known as Micro Focus Quality Center and HP Quality Center, is quality management software offered by OpenText, which acquired Micro Focus in 2023. Micro Focus acquired the software division of Hewlett Packard Enterprise in 2017, with many capabilities acquired from Mercury Interactive Corporation. Quality Center offers software quality assurance, including requirements management, test management and business process testing for IT and application environments. Quality Center is a component of the Micro Focus Application Lifecycle Management software set.

The Payment Application Data Security Standard (PA-DSS) is the global security standard created by the Payment Card Industry Security Standards Council. PA-DSS was implemented in an effort to provide the definitive data standard for software vendors that develop payment applications. The standard aimed to prevent payment applications developed for third parties from storing prohibited secure data including magnetic stripe, CVV2, or PIN. In that process, the standard also dictates that software vendors develop payment applications that are compliant with the Payment Card Industry Data Security Standards.

Linoma Software

Linoma Software was a developer of secure managed file transfer and IBM i software solutions. The company was acquired by HelpSystems in June 2016. Mid-sized companies, large enterprises and government entities use Linoma's software products to protect sensitive data and comply with data security regulations such as PCI DSS, HIPAA/HITECH, SOX, GLBA and state privacy laws. Linoma's software runs on a variety of platforms including Windows, Linux, UNIX, IBM i, AIX, Solaris, HP-UX and Mac OS X.

Sensage

Sensage Inc. is a privately held data warehouse software provider headquartered in Redwood City, California. Sensage serves enterprises who use the software to capture and store event data so that it can be consolidated, searched and analyzed to generate reports that detect fraud, analyze performance trends, and comply with government regulations.

GlobalScape, Inc. (AMEX:GSB) is a software developer headquartered in San Antonio, Texas, United States.

HP IT Management Software is a family of Enterprise software products by Micro Focus as a result of the spin-merge of Hewlett Packard Enterprise's software assets with Micro Focus in 2017. The division was formerly owned by Hewlett Packard Enterprise, following the separation of Hewlett-Packard into HP Inc. and Hewlett Packard Enterprise in 2015. IT management software is a family of technology that helps companies manage their IT infrastructures, the people and the processes required to reap the greatest amount of responsiveness and effectiveness from today's multi-layered and highly complex data centers. Beginning in September 2005, HP purchased several software companies as part of a publicized, deliberate strategy to augment its catalog of IT management software offerings for large business customers. According to ZDNet and IDC, HP is the world's sixth largest software company.

Micro Focus Application Lifecycle Management (ALM) is a set of software tools developed and marketed by Micro Focus (previously Hewlett-Packard and Hewlett Packard Enterprise) for application development and testing. It includes tools for requirements management, test planning and functional testing, performance testing (when used with Performance Center), developer management (through integration with developer environments such as Collabnet, TeamForge and Microsoft Visual Studio), and defect management.

HP Network Management Center (NMC) is a suite of integrated HP software used by network managers in information technology departments. The suite allows network operators to see, catalog and monitor the routers, switches, and other devices on their network. IT staff is alerted when a network device fails and it predicts when a network node or connection point may go down. The suite was designed to address operational efficiency.

Application Defined Network (ADN) is an enterprise data network that uses virtual networks and security components to provide a dedicated logical network for each application. This allows customized security and network policies to be created to meet the requirements of that specific application. ADN technology allows for a simple physical architecture with fewer devices, less device configuration and integration. ADN solutions simplify businesses' need to securely deploy multiple applications across the enterprise footprint and partner networks, regardless of where the application resides. ADN platforms provide policy-based, application-specific delivery to corporate data centers, cloud services and third-party networks securely and cost-effectively. Some ADN solutions integrate 3G/4G wireless backup services to enable a second internet connection automatically and instantly when connectivity is lost on the primary access connection. The ADN design provides an application-to-application (A2A) based model that evolves enterprise networks beyond the site-to-site (S2S) private model.

A web application firewall (WAF) is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service. By inspecting HTTP traffic, it can prevent attacks exploiting a web application's known vulnerabilities, such as SQL injection, cross-site scripting (XSS), file inclusion, and improper system configuration. They also introduce a performance degradation and are easily bypassed by attackers so their deployment is not recommended.

Point-to-point encryption (P2PE) is a standard established by the PCI Security Standards Council. Payment solutions that offer similar encryption but do not meet the P2PE standard are referred to as end-to-end encryption (E2EE) solutions. The objective of P2PE and E2EE is to provide a payment security solution that instantaneously converts confidential payment card data and information into indecipherable code at the time the card is swiped, in order to prevent hacking and fraud. It is designed to maximize the security of payment card transactions in an increasingly complex regulatory environment.

Utimaco Atalla, founded as Atalla Technovation and formerly known as Atalla Corporation or HP Atalla, is a security vendor, active in the market segments of data security and cryptography. Atalla provides government-grade end-to-end products in network security, and hardware security modules (HSMs) used in automated teller machines (ATMs) and Internet security. The company was founded by Egyptian engineer Mohamed M. Atalla in 1972. Atalla HSMs are the payment card industry's de facto standard, protecting 250 million card transactions daily as of 2013, and securing the majority of the world's ATM transactions as of 2014.

Code Dx, Inc. was an American software technology company active from 2015 to 2021. The company's flagship product, Code Dx, is a vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools. In 2021, the company was acquired by Synopsys.

Checkmarx is an enterprise application security company headquartered in Atlanta, Georgia in the United States. Founded in 2006, the company provides application security testing (AST) solutions that embed security into every phase of the software development lifecycle (SDLC), an approach to software testing known as "shift everywhere."

References

  1. "HP to acquire SPI Dynamics for Web security", June 19, 2007, by SearchSecurity.com Staff.
  2. "HP Integrates Enterprise Security Framework". 13 September 2011.
  3. "HP Assessment Management Platform (AMP) software".
  4. "HP Application Security Center WebInspect".
  5. "HP QA Inspect". Archived 2009-12-28 at the Wayback Machine.
  6. "HP Application Security Goes SAAS", May 27, 2008, by Brian Prince.
  7. "HP Helps Businesses Defend Against Malicious Web Attacks with New Application Security Offerings", May 27, 2008.
  8. "HP DevInspect for Java & HP DevInspect for .NET discontinuance letter".
  9. "HP DevInspect software". Archived 2009-12-28 at the Wayback Machine.
  10. "Web apps account for 80 percent of internet vulnerabilities."
  11. "HP Application Security Center and the Payment Card Industry (PCI) Data Security Standard (DSS)".