HP Application Security Center

HP Application Security Center (ASC) was a set of technology solutions by HP Software Division. Much of the portfolio for this solution suite came from HP's acquisition of SPI Dynamics. The software solutions enabled developers, quality assurance (QA) teams and security experts to conduct web application security testing and remediation. The security products have been repackaged as enterprise security products from the HP Enterprise Security Products business in the HP Software Division.

Products
HP Application Security Center consisted of the following products:
 * HP Assessment Management Platform software for managing a web application security testing program across the application lifecycle
 * HP WebInspect software for web application security testing and assessment
 * HP QAInspect software for standardized web application security testing during quality assurance (QA) testing

In May 2008, HP Software announced the availability of HP Application Security Center through HP Software as a Service [ ] along with the announcement of new releases of the HP Application Security Center products.

In September 2009, HP announced that it was discontinuing the HP DevInspect software products, formerly part of HP Application Security Center. HP stated that it had switched its focus to solutions for entire development groups rather than on a tool for individual developers. HP DevInspect was software for individual developers to use in creating secure web applications and services, and it integrated with specific IDEs (Integrated Development Environments). HP DevInspect for .NET operated with Microsoft Visual Studio, and HP DevInspect for Java operated with Eclipse or Rational (IBM) Application Developer.

Benefits
HP Application Security Center solutions helped find and fix security vulnerabilities for web applications throughout the application software development lifecycle (SDLC). By catching security vulnerabilities early in the application development lifecycle, organizations could reduce web attacks and vulnerabilities in their web applications. While some security vulnerabilities may exist in the web server or application infrastructure, at least 80 percent of those vulnerabilities existed in the web application itself.

HP Application Security Center also creates compliance reports for more than 20 laws, regulations and best practices, including PCI DSS (Payment Card Industry Data Security Standard). PCI DSS is a worldwide information security standard defined by the Payment Card Industry Security Standards Council.

More Information on Application Security

 * Application security
 * SQL injection
 * Cross-site scripting
 * PCI DSS Payment Card Industry Data Security Standard