HP Application Security Center (ASC) is a set of technology solutions by HP Software Division. Much of the portfolio for this solution suite was from HP's acquisition of SPI Dynamics.[1] The software solutions enable developers, quality assurance (QA) teams and security experts to conduct web application security testing and remediation.
Contents |
HP Application Security Center consists of the following products:
In May 2008, HP Software announced the availability of HP Application Security Center through HP Software as a Service [[5]] along with the announcement of new releases of the HP Application Security Center products.[6]
In September 2009, HP announced that it was discontinuing the HP DevInspect software products, formerly part of HP Application Security Center.[7] HP stated that it had switched its focus to solutions for entire development groups rather than on a tool for individual developers. HP DevInspect was software for individual developers to use in creating secure web applications and services, and it integrated with specific IDEs (Integrated Development Environments). HP DevInspect for .NET operated with Microsoft Visual Studio, and HP DevInspect for Java operated with Eclipse or Rational (IBM) Application Developer.[8]
HP Application Security Center solutions help find and fix security vulnerabilities for web applications throughout the application software development lifecycle (SDLC). By catching security vulnerabilities early in the application development lifecycle, organizations can reduce web attacks and vulnerabilities in their web applications. While some security vulnerabilities may exist in the web server or application infrastructure, at least 80 percent of those vulnerabilities exist in the web application itself.[9]
HP Application Security Center also creates compliance reports for more than 20 laws, regulations and best practices, including PCI DSS (Payment Card Industry Data Security Standard).[10] PCI DSS is a worldwide information security standard defined by the Payment Card Industry Security Standards Council.