HP Application Security Center
Encyclopedia
HP Application Security Center (ASC) is a set of technology solutions by HP Software Division. Much of the portfolio for this solution suite was from HP's acquisition of SPI Dynamics. The software solutions enable developers, quality assurance (QA) teams and security experts to conduct web application security testing and remediation.
In May 2008, HP Software announced the availability of HP Application Security Center through HP Software as a Service [] along with the announcement of new releases of the HP Application Security Center products.
In September 2009, HP announced that it was discontinuing the HP DevInspect software products, formerly part of HP Application Security Center. HP stated that it had switched its focus to solutions for entire development groups rather than on a tool for individual developers. HP DevInspect was software for individual developers to use in creating secure web applications and services, and it integrated with specific IDEs (Integrated Development Environments). HP DevInspect for .NET operated with Microsoft Visual Studio, and HP DevInspect for Java operated with Eclipse or Rational (IBM) Application Developer.
HP Application Security Center also creates compliance reports for more than 20 laws, regulations and best practices, including PCI DSS (Payment Card Industry Data Security Standard). PCI DSS is a worldwide information security standard defined by the Payment Card Industry Security Standards Council.
Products
HP Application Security Center consists of the following products:- HP Assessment Management Platform software for managing a web application security testing program across the application lifecycle
- HP WebInspect software for web application security testing and assessment
- HP QAInspect software for standardized web application security testing during quality assurance (QA) testing
In May 2008, HP Software announced the availability of HP Application Security Center through HP Software as a Service [] along with the announcement of new releases of the HP Application Security Center products.
In September 2009, HP announced that it was discontinuing the HP DevInspect software products, formerly part of HP Application Security Center. HP stated that it had switched its focus to solutions for entire development groups rather than on a tool for individual developers. HP DevInspect was software for individual developers to use in creating secure web applications and services, and it integrated with specific IDEs (Integrated Development Environments). HP DevInspect for .NET operated with Microsoft Visual Studio, and HP DevInspect for Java operated with Eclipse or Rational (IBM) Application Developer.
Benefits
HP Application Security Center solutions help find and fix security vulnerabilities for web applications throughout the application software development lifecycle (SDLC). By catching security vulnerabilities early in the application development lifecycle, organizations can reduce web attacks and vulnerabilities in their web applications. While some security vulnerabilities may exist in the web server or application infrastructure, at least 80 percent of those vulnerabilities exist in the web application itself.HP Application Security Center also creates compliance reports for more than 20 laws, regulations and best practices, including PCI DSS (Payment Card Industry Data Security Standard). PCI DSS is a worldwide information security standard defined by the Payment Card Industry Security Standards Council.
More Information on Application Security
- Application securityApplication securityApplication security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system through flaws in the design, development, deployment, upgrade, or maintenance of the application.Applications only...
- SQL injectionSQL injectionA SQL injection is often used to attack the security of a website by inputting SQL statements in a web form to get a badly designed website in order to dump the database content to the attacker. SQL injection is a code injection technique that exploits a security vulnerability in a website's software...
- Cross-site scriptingCross-site scriptingCross-site scripting is a type of computer security vulnerability typically found in Web applications that enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same...
- PCI DSS Payment Card Industry Data Security Standard