

6/10/2010
04:48 PM
Dark Reading
Products and Releases

HP Unveils Application Threat Analysis Service

Early life cycle security analysis addresses latent defects in applications and architecture

PALO ALTO, Calif., June 10, 2010 – HP today announced a new security service to help companies reduce vulnerabilities at the onset of the application development life cycle, thereby reducing the risk of millions of dollars in penalties and patches.

The HP Comprehensive Applications Threat Analysis, available worldwide, is the industry’s first early life cycle security assessment service that increases security assurance by addressing latent defects in applications and architecture.

The service provides architectural as well as design guidance alongside recommendations for security controls and best practices. Companies can then implement recommendations from the assessment’s comprehensive findings report to reduce costs associated with vulnerability rework and potential defects while minimizing the need for post-release updates to address security flaws.

As part of the HP Secure Advantage portfolio, the service helps organizations better address security and regulatory needs. It also defends against attacks while reducing the total cost of application ownership. The service is an integral part of the HP Cyber Security portfolio, which helps organizations leverage advances in technology and share information securely while protecting sensitive information and critical infrastructure.

“Customers are under increasing pressure from threats that exploit security weaknesses that were either missed or insufficiently addressed during early life cycle phases,” said Chris Whitener, chief security strategist, Secure Advantage, HP. “The HP Comprehensive Applications Threat Analysis service helps organizations reduce hidden weaknesses early in the assessment process and provides recommended mitigation strategies and secure design principles.”

The new service offering provides the following capabilities for increased security assurance:

— The Security Requirements Gap Analysis provides clients with access to valuable security expertise and the tools to fix and avoid security issues. This capability closely examines applications to identify often-missed technical security requirements imposed by relevant laws, regulations or practices.

— The Architectural Threat Analysis reduces client rework costs resulting from security scans, penetration tests and other vulnerability-finding activities. This capability identifies changes in application architecture to reduce the risk of latent security defects.

“HP efficiently provided the Comprehensive Applications Threat Analysis service and reliable security advice. During the security assessment, the HP team identified risks and proposed solutions to mitigate current and future vulnerabilities,” said Wallace B. Rodgers, program manager, E-Government, State of Oregon. “We implemented the HP-proposed solutions and are extremely pleased with the security quality assessment as well as recommendations.”

HP is the market leader in security products and services covering the entire application development life cycle from design to production. In addition to the Comprehensive Applications Threat Analysis service, HP offers HP Quality Center for security requirements, HP Application Security Center for web application vulnerability testing and HP Application Security Center of Excellence (CoE) Services to help organizations develop an application security program.

These software and services from HP ensure applications remain secure throughout the development, testing, production and operation phases, as well as help organizations develop their application security. Additionally, the HP Secure Advantage portfolio delivers extensive expertise to meet customers’ diverse security needs while helping them reduce complexity, risk and cost.

More information on HP’s security portfolio is available at www.hp.com/go/security.

About HP

HP creates new possibilities for technology to have a meaningful impact on people, businesses, governments and society. The world’s largest technology company, HP brings together a portfolio that spans printing, personal computing, software, services and IT infrastructure to solve customer problems. More information about HP (NYSE: HPQ) is available at http://www.hp.com/.
