According to Gartner: “By 2009, 80% of companies will have suffered an application security incident, and, as a result, will have reacted by creating roles in the application development and testing organisations to ensure that security considerations are addressed at the application level.”
This comes as no surprise to Haydn Pinnell, MD of Gallium (an EOH company). In his experience, companies are simply not placing enough emphasis on security as part of an application's life cycle.
“As a resource, information is the lifeline of any organisation and its protection is, as such, vital. To successfully protect information, software solutions must be correctly designed, implemented and managed, with strong emphasis on security. Yet, despite the fact that security has become an executive issue, it remains one of the most neglected areas in the software application environment.”
He says that application development has been focused primarily on features and functionality, with time to market and cost as the main market drivers. Security is another facet of quality, and like quality, it must be built into the application rather than tested at the end of the development cycle. Trustworthy software only becomes possible when security is a standard requirement throughout the entire development process.
“Application quality includes not only functionality and performance, but also Web application security. While some security vulnerabilities exist in your Web server or application infrastructure, at least 90% of those vulnerabilities exist in the Web application itself. To address Web application security, you must treat these security vulnerabilities as defects. As such, application security must be incorporated into your existing quality management practices within the software development life cycle.”
This is where the sophisticated assessment technology of the HP Application Security Centre delivers exceptional benefit as a comprehensive suite of products that support the entire Web application life cycle, from development to ongoing operations management and auditing. These security products identify vulnerabilities early in the software life cycle and help prevent new vulnerabilities from being introduced throughout the life of the application. The software includes advanced compliance reporting and testing tools, which support major laws, regulations and best practices.
While traditional application security scanners do well at finding vulnerabilities in some of the more mature Web technologies, Pinnell says they lack the intelligence required to scan emerging Web 2.0 technologies. Sophisticated assessment technology is embedded in all of the HP Application Security Centre products, providing accurate results that give clients peace of mind throughout the life cycle of the application. It is not a mere database, but a comprehensive and accurate knowledge base.
“Using technology that ensures your customers get the best service is what it's all about. By identifying vulnerabilities before applications are released to production and preventing new vulnerabilities from being introduced throughout the life of the application, trustworthy software becomes a reality.”
EOH
EOH is a business and technology solutions provider creating lifelong partnerships by developing business and IT strategies, supplying and implementing solutions and managing enterprise-wide business systems and processes for medium to large clients.
EOH operates in the following three clusters of business units as a fully integrated business:
Technology - Through a number of subsidiary companies, EOH is able to sell, implement and support a range of world-class business applications including ERP, CRM, business intelligence, advanced planning and scheduling, e-commerce and manufacturing execution systems (MES).
Consulting - Concentrated under the EOH Consulting brand are business units offering services ranging from strategic and business process consulting, project services, change management, supply chain optimisation and education.
Outsourcing - EOH offers comprehensive maintenance and support of clients' IT infrastructure and applications through the rendering of full IT outsourcing, application hosting and managed services. In addition, EOH offers full business process outsourcing (BPO) services.
EOH has a presence in all major centres in South Africa and operates in the rest of Africa.
Gallium
Gallium, a member of the EOH group of companies, supplies business technology optimisation solutions from HP Software, specialised technology based professional services, training, managed services, test factory solutions and ad hoc quality and performance testing services.