HPE WebInspect Real-Time

In July, 2011 presented HP HP WebInspect Real-Time — the software solution for dynamic testing of security of applications which analyzes a program code of the application in real time, thereby providing the largest accuracy by search of vulnerabilities.

HP WebInspect Real-Time is based on the HP engine of WebInspect 9.1 and works together with HP Fortify Security Scope. The program performs "invasion" into the application and allows to execute security testing during which it is possible to detect vulnerability if like that exists, in application code line.

The software solutions for dynamic analysis created for the purpose of identification and correction of vulnerabilities in the code of the program and its configuration "interfere" in a certain application in the automatic mode. This approach to dynamic testing provides the fastest way to search and correction of vulnerabilities, however in the conditions of isolation (when the program works one) it can be inefficient for the identification of the file code origin and code line responsible for the arisen vulnerability of a security system.

HP WebInspect Real-Time "interferes" in the application by start of the external automated security tests. Then the program analyzes "behavior" of an application code in the conditions of the external attack and collects internal information about the application, including data at the level of the code. Such interaction of technologies in real time provides more exact detection of dangerous vulnerabilities and providing the available methods of decrease in threats.

"Software solutions in the field of dynamic testing of security of applications (DAST) scan web applications and identify possible ways of the attacks which can interfere with operation of application. However, when vulnerability is found, the DAST applications do not specify in what specific line vulnerability is found — Joseph Faymann, the vice president of Gartner told. — This situation led to emergence of integrated solutions in the field of testing of security of applications (IAST) which analyze the started application code in real time. This approach helps to confirm or, on the contrary, to disprove existence of critical vulnerability, to point to its reason and also to provide to developers useful information, for example the stack-treysy or parts of code line that they managed to correct vulnerability of a security system quicker and more precisely".

With the advent of WebInspect Real-Time users of software solutions of HP in the field of security will be able:

• find more real vulnerabilities: HP Fortify SecurityScope, the new integrated application for security testing, uses the technologies allowing HP WebInspect Real-Time to identify and correct new types of vulnerabilities, which are not detected by means of "separate" (separate) technologies for security testing;
• to estimate the existing vulnerabilities in applications more precisely: HP WebInspect 9.1 allows to display vulnerabilities in the table with a search capability already now;
• to correct vulnerabilities quicker: by means of the analysis of the started application code performed using HP Fortify SecurityScope, HP WebInspect Real-Time provides certain information for further action, in particular the stack-treysy or code lines. Identification of priorities (prioritizing) of the detected problems is facilitated due to removal of vulnerabilities duplicates.

HP WebInspect Real-Time is already available to the order worldwide; the software package includes HP WebInspect and HP Fortify Security Scope.

The presented solutions in the field of security of applications are crucial elements of a solution portfolio on testing of security and risk management which help the organizations to move on the way of their conversion to the Innovation enterprises HP (Instant-On Enterprise). Such enterprise supports with technologies all the transactions without delay to satisfy requirements of business and state companies, partners and individuals.