HP is expanding its security solutions with new Web 2.0, user behavior and Flash analysis capabilities. There is also a new management tool being released by HP to help enterprises mitigate risks and manage application security testing efforts.
The security efforts from HP (NYSE:HPQ) come as studies continue to show that application security is a large enterprise concern. A new study from Forrester (sponsored by HP competitor Veracode) claims that 62 percent of companies had been breached by way of a software vulnerability in the last 12 months.
“We’ve seen a huge market shift in the last 12 months,” Nick Bell, Senior Manager, Products, Application Security, Software and Solutions at HP told InternetNews.com. “People used to ask us why they needed application security testing, now customers ask us how to actually do application security.”
Bell added that Web 2.0 is a big driver for application security, which is a key focus of the computer giant’s new WebInspect 8.0 product.
“The new complexity of applications and the shifting of more business logic and data out to the client has increased the attack surface for hackers,” said Bell.
Vulnerabilities in Flash
A key addition in WebInspect 8.0 is SWFscan, an HP-developed technology for analyzing vulnerabilities in Adobe Flash applications. HP first discussed SWFscan at the Black Hat conference in Washington, D.C., earlier this year and made the base product freely available last month.
HP’s security tools division comes in part from the acquisition of SPI Dynamics in 2007. In adding detailed Flash analysis, HP follows at least one of SPI Dynamics’ traditional competitors. Watchfire (now owned by IBM) released a new version of its AppScan platform with Flash scanning earlier this year.
Penetration testing tools
In terms of new specific types of attacks that WebInspect 8.0 is able to detect, Morgan declined to offer a laundry list of functionality. Other penetration testing tools, like the recently updated one from HP competitor Cenzic, make a point of listing new attacks as they become available.
“I’ve seen some other announcements lately about vendors doing one check or another,” Morgan commented. “A lot of what we’re talking about in this new release is about a brand new approach to understanding vulnerabilities. That’s where people are finding the vulnerabilities in the richness of the apps that are coming across. We’re looking beyond the individual check to make sure we understand where the hackers find vulnerabilities.”