Security software that will find and fix vulnerabilities in Web 2.0 applications is among an application testing suite just released by HP, something that can be deployed as a guard against latest threats that now are often embedded in rich content types, like Flash.
The offering is one of the elements of HP’s Application Security Center, the latest version of which includes WebInspect 8.0, built to analyse vulnerabilities in applications based on the Adobe Flash platform or dynamic JavaScript/Ajax applications.
Use of Web 2.0 and AJAX (Asynchronous JavaScript and XML) technologies make for a rich website experience but they also provide an as yet largely untapped resource for malware authors.
Sites that allow people to upload content such as corporate blogs and other online community channels are particularly vulnerable because they allow hackers to inject dangerous web links and content in the form of comments.
The company claims that WebInspect identifies security vulnerabilities that are undetectable by traditional scanners and uses techniques like simultaneous crawl and audit, and concurrent application scanning to speed web services security testing.
Also part of the new suite is HP Assessment Management Platform 8.0 intended to help organisations accelerate the setting up a Center of Excellence for application security.
“It is a way they can secure more applications with a small team of specialised application security experts,” the company said. “In addition, this model helps organisations find and fix security vulnerabilities earlier in the application design process which helps lower costs.”
The application security testing software can be licensed in the usual way or bought in as a service from HP, which also announced a on-demand version called Project Services for Application Security Center that is maintained and managed by the vendor in association with EDS.
