This week in London, during the InfoSecurity Europe conference, HP released an update to its WebInspect application security tool, designed to replicate real-world attacks and improve the testing phase of QA.
The update to WebInspect, which focuses on discovering security flaws during the application development lifecycle, includes a new Guided Scan that uses Adaptive Component Recognition to analyze complex applications and JavaScript.
“To effectively build safe and secure web applications, organizations need to be thinking about and testing for critical threats from the onset of development,” said Mike Armistead, vice president and general manager, Enterprise Security Products, Fortify, HP.
WebInspect can work with more than just JavaScript. The platform can also check for flaws in Ajax, Adobe Flash, and Web services (business logic flaws). Guided Scan leads security testers in adapting tests to specific scenarios in custom environments where test configuration is difficult to troubleshoot. This, HP explained, provides better handling of complex scenarios like detecting proxy misconfiguration or network authentication.
Related Resource: Are Your Applications Secure? Test Your Code For Free
WebInspect can work with various security management systems (via XML exports), as well as commonly used WAF appliances and TippingPoint’s IPS. Cost is $1,500 and is licensed per application, named user, or concurrent user. The latest features are available now. Additional specifications can be seen here.
In addition to enhancements to WebInspect, HP announced the expansion of the TippingPoint Next Gen. IPS, with new appliances designed to expedite detection, identification, and mitigation of network security threats.
The new HP S7500NX, HP S6200NX and HP S2600NX NGIPS appliances round out the HP NX family to cover data transfer speeds of 20Gbps, 10Gbps and 3Gbps respectively, and are expected later this year for worldwide release.
Related Resource: Are Your Applications Secure? Test Your Code For Free
Related Reading: The Unique Challenges of Controlling Java Exploits