Press Release: June 03, 2013
Topics: Strategic Focus: Software
HP Helps Customers Worldwide Secure Critical Applications
Novagalicia Banco and OutSystems choose HP Fortify solutions with both on-premises and SaaS-based delivery of secure application development
PALO ALTO, Calif. — HP today announced that Spanish bank Novagalicia Banco and application delivery platform provider OutSystems have selected HP Fortify solutions to proactively build software security assurance practices into the development life cycle of critical web and mobile applications.
With the growing volume and tenacity of security hacks targeting applications, organizations must reevaluate their defense strategies. As noted in the HP 2012 Cyber Risk Report, the majority of exploitable vulnerabilities primarily or exclusively impacted web applications, and accounted for 40 percent of overall vulnerability disclosures in 2012. The report also notes that the widespread adoption of mobile devices running custom applications has resulted in an increase of vulnerability disclosures of nearly 800 percent in the last five years alone.
HP Fortify helps customers reduce their security risk by offering both on-premises and Software-as-a-Service (SaaS)-based solutions to identify, prioritize and remediate application vulnerabilities. The solutions also enable organizations to save time and resources by eliminating risks in the early stages of the application development process, when vulnerabilities are easier and less expensive to fix.
Delivering scalability, usability to secure application development
When Novagalicia Banco was created as a result of a company merger, the Information Security department was faced with the daunting task of integrating and securing its application ecosystem.
Novagalicia Banco selected HP Fortify on Demand to provide the usability, scalability and reliability needed to ease the transition while securing its diverse application landscape. In addition, HP Fortify on Demand is helping the bank to exceed compliance requirements by building certain Payment Card Industry (PCI) standards into the early stages of application architecture and design.
“We were in search of a security solution that was capable of analyzing a large amount of code, with minimal adaptation, and worked across many programming languages,” said Roberto Baratta, chief information security officer, Novagalicia Banco. “HP Fortify on Demand not only helps us improve the security of our applications, it also increases our developers’ awareness of security issues and their use of best practices, which are key components of PCI compliance as well as internal and external audits.”
Today, Novagalicia Banco uses HP Fortify on Demand to run ad-hoc analyses on the source code of approximately 400 applications, including critical areas such as mobile banking, e-banking, payment gateways, corporate websites and wire transfers. The security-as-a-service (SaaS) testing solution accelerates the identification of errors by providing an in-depth level of code detail, enabling faster threat mitigation and reducing risk across the application environment.
HP Fortify on Demand has increased awareness of secure design and programming by involving Novagalicia Banco’s development teams from the onset of the “security by design” process. As the organization develops more applications, the SaaS solution will continue to play an evolutionary role in helping the Information Security team adjust to the current threat landscape, identify vulnerabilities and build secure solutions.
To address growth opportunities, the cloud-based SaaS model of HP Fortify on Demand gives Novagalicia Banco the flexibility to easily scale its implementation as needed, without having to make dedicated investments in hardware or software.
Reinforcing security in an enterprise application delivery platform
As the threat of application vulnerabilities continues to rise, OutSystems looked to reinforce the security of the web and mobile applications deployed by its customers.
OutSystems selected HP Fortify to address the need for enhanced security testing capabilities from design to production, ensuring the delivery of inherently secure enterprise web and mobile applications with the OutSystems® Platform. HP Fortify was selected due to its popularity among OutSystems’ customers, and its ability to support vulnerability scanning of the native Microsoft® .NET and Java code stacks generated by the OutSystems Platform. Vulnerability-scanning capabilities for different code stacks give customers greater choice and the ability to help address their unique needs.
“We needed a way to help our customers take advantage of industry-leading security standards and ensure that the enterprise web and mobile applications they deliver with the OutSystems Platform contain no known security vulnerabilities,” said David Holmes, vice president, Worldwide Marketing, OutSystems. “Through our adoption of HP Fortify, our customers can now build and maintain secure applications while eliminating the risk of oversight that is often present when code is written by hand or built outside of the IT department’s control.”
By using HP Fortify Static Code Analyzer (SCA) to systematically validate the security of web and mobile applications generated by the OutSystems Platform, the OutSystems Research and Development (R&D) team was able to define key security acceptance criteria. As a result, any vulnerabilities found in the generated code during testing can quickly be detected and remediated by the OutSystems R&D team to ensure that all applications generated by the OutSystems Platform are inherently secure.
“Organizations often lose time and money by failing to incorporate security processes into the early stages of application development,” said Mike Armistead, vice president and general manager, Enterprise Security Products, Fortify, HP. “HP Fortify solutions deliver comprehensive software security assurance to thousands of customers around the world, quickly and effectively reducing risk, proactively meeting compliance requirements, and integrating critical security processes into the software development life cycle.”
HP Security Research (HPSR) provides the intelligence that powers the HP Fortify portfolio of software security products, allowing customers to benefit from the latest in security research. HP Fortify Software Security Content supports nearly 600 vulnerability categories across 21 programming languages, and spans more than 715,000 individual Application Programming Interfaces (APIs).
HP’s premier America’s client event, HP Discover, takes place June 11-13 in Las Vegas.
HP’s annual enterprise security event, HP Protect, will take place Sept. 16-19 in Washington, D.C.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.