HP Launches Security Services for Early Development

Numerous security tools on the market today perform static analysis, penetration testing and security audits on application code that has already been written.

But what if you could stop vulnerabilities before they reach the code stage?

That’s where a new service from HP (NYSE: HPQ) dubbed Comprehensive Applications Threat Analysis (CATA) may be able to help application developers. CATA is an early life-cycle security assessment service intended to keep security vulnerabilities from being introduced during application development, rather than finding them after the code exists.

The service made its debut the same week that rival IBM (NYSE: IBM) announced its own new initiative to secure application development.

“We have certified security reviewers in this process and what the service provides is an assessment of the application development early on in the life cycle,” John Diamant, HP’s CATA service lead, told InternetNews.com. “So we come in and gather information about the system under review and provide an assessment of it.”

Diamant added that as part of the engagement HP performs a gap analysis to identify which security requirements an application under development must meet, and then an architectural threat analysis to check that the proposed architecture is actually capable of implementing those requirements.

The new service complements HP’s other application-security products, including the Application Security Center, though Diamant stressed that the early life-cycle focus of CATA is what sets it apart.

“This can be applied prior to any code actually being written,” Diamant said. “This can be applied at the time an application is being considered in order to identify the security requirement of a particular market. Then with architecture and design analysis — potentially before any code is written — [the application] can be analyzed for security resiliency.”

While CATA can also benefit later stages of development, Diamant noted that applying it earlier in the process increases the return on investment for enterprises, since a requirement or design flaw caught before coding costs far less to address than one found in shipped code.

“By applying CATA early, it is possible to minimize the introduction of vulnerabilities and thus completely eliminate the need to fix vulnerabilities that are avoided as a result,” he said.

HP does have some internal tools and templates that it will be using for CATA, though Diamant stressed having trained HP personnel is critical. He noted that the CATA approach is heavily dependent on the human expertise and skill of HP’s consultants.

Among the issues CATA is attempting to resolve is the fact that development teams aren’t always familiar with all the security and regulatory compliance requirements in place in a particular market vertical.

Additionally, some common vulnerability classes, such as buffer overflows and SQL injection, can be addressed at the planning stage by choosing designs and components that rule them out, rather than by hunting for individual instances after the fact.

“There is a wide variety of architectural resiliency analysis that we do that deals not just with a specific vulnerability, but also with modifying the architecture in such a way as to greatly reduce the probability that an arbitrary defect will become a security vulnerability,” Diamant said.

As an example, he explained that a buffer overflow may or may not become a security vulnerability depending on how the application is designed and where the buffer overflow occurs. Diamant added that CATA is able to identify the areas in an application design that are at the greatest risk, which can then be given additional focus and scrutiny to minimize or eliminate vulnerability impacts.

“We recognize that software development results in defects being present in code,” he said. “It’s not possible or practical for a large, complex application to be totally bug-free. As a result our approach is not to expect to be able to find all defects, but rather to provide design guidance to ensure that the vast majority of defects don’t become vulnerabilities.”
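The point Diamant makes in the two quotes above, that the same defect is or is not a vulnerability depending on where it sits in the design, can be shown concretely. The following is an added illustration written for this article, not HP's CATA tooling or any HP code. It emulates a C-style fixed layout record in a Python bytearray and keeps one deliberate defect (an unbounded copy into a fixed-size username field) in both designs; the record layout, the `TRUSTED_ROLES` table and the attacker input are all constructed for the example.

```python
"""
Added example, not HP's CATA tooling: the same memory-handling defect in two designs.

A 17-byte record emulates a C struct laid out as
    bytes 0..15  username (NUL-padded)
    byte  16     is_admin flag
store_username() has a deliberate defect: it copies len(name) bytes with no
bound check, so a 17-byte name spills into byte 16. The defect is identical
in both designs; only the surrounding architecture differs.
"""

USERNAME_OFF, USERNAME_LEN = 0, 16
ADMIN_OFF = 16
RECORD_LEN = 17

# Constructed, hypothetical table mapping an authenticated identity to a role.
# Only design B consults it; the parser never writes to it.
TRUSTED_ROLES = {"alice": "admin", "bob": "user"}


def new_record() -> bytearray:
    return bytearray(RECORD_LEN)


def store_username(record: bytearray, name: bytes) -> None:
    """Deliberately defective copy: no check that len(name) <= USERNAME_LEN.
    Byte-by-byte assignment mimics an unbounded memcpy into a fixed struct."""
    for i, b in enumerate(name):
        record[USERNAME_OFF + i] = b


# ---- Design A: the privilege flag lives next to attacker-controlled data ----

def is_admin_design_a(record: bytearray) -> bool:
    """Authorization reads a flag stored in the very record the parser fills."""
    return record[ADMIN_OFF] != 0


def attack_design_a(name: bytes) -> bool:
    """Returns whether the caller ends up treated as admin."""
    record = new_record()
    store_username(record, name)
    return is_admin_design_a(record)


# ---- Design B: same defect, different architecture ----

def record_is_wellformed(record: bytearray) -> bool:
    """Fail closed: a username must be NUL-terminated inside its own field.
    A copy that spilled into byte 16 leaves no NUL in bytes 0..15, so the
    corrupted record is rejected instead of being used."""
    field = record[USERNAME_OFF:USERNAME_OFF + USERNAME_LEN]
    return b"\x00" in field


def is_admin_design_b(identity: str) -> bool:
    """Authorization is derived from the authenticated identity via a table
    the parser cannot write to. Unknown identities default to deny."""
    return TRUSTED_ROLES.get(identity) == "admin"


def attack_design_b(identity: str, name: bytes):
    """Returns (record_accepted, admin_granted)."""
    record = new_record()
    store_username(record, name)  # the defect still fires here
    accepted = record_is_wellformed(record)
    granted = is_admin_design_b(identity)
    return accepted, granted


if __name__ == "__main__":
    # Constructed attacker input: 16 filler bytes plus one byte landing on is_admin.
    evil = b"A" * 16 + b"\x01"
    print("design A, is_admin:", attack_design_a(evil))
    print("design B, (accepted, admin):", attack_design_b("mallory", evil))
```

In design A the overflow flips the adjacent flag and the defect is a privilege-escalation vulnerability. In design B the identical defect is still a bug, but the record fails validation and the privilege decision never depended on parser-written memory, so the worst outcome is a rejected request. That is the kind of "where the overflow occurs" distinction the architectural analysis is meant to surface before code is written.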
