New Readers

 Home News and World Report Buyers Guide Global Excellence Technology Case Studies Editorial Awards About Info Security
2008 Best Deployment Scenario

 Automated Security Assessment of Custom and Commercial Applications


Current Scenario: The Internet is a powerful force for driving business activity and used as a medium for managing internal corporate data and operational activities. Businesses’ online presence center around using Web applications to store, transmit and manage information. Firewalls and associated security technologies were the first line of defense against information theft. Today, the security configuration of Web applications has become the first and last line of defense against malicious attacks and confidential data leaks. A recent study[1] suggests in 2007 more than 70 million records will be exposed, unprotected or compromised via cyber-attack.


Info Security Products Guide
this article
COMPARE and print reports
RATE products

Tomorrow's Technology Today - Application Security

Tomorrow's Technology Today: Hailstorm Enterprise ARC addresses application security across the enterprise, and the only one to include patented fault injection technology. With its intelligent uber dashboard (rolling in data from all other key application security tools and manual pen testing), Cenzic Enterprise ARC gives companies the ability to automatically discover and inventory applications, providing a comprehensive view of security status with complete workflow from a central console. Cenzic Hailstorm Enterprise ARC enables companies to automatically identify all web applications within an environment via a web application discovery tool and provides a quantitative HARM™ (Hailstorm Application Risk Metric) measuring vulnerability levels of applications.

Hailstorm Enterprise ARC provides automated security assessment of custom and commercial web applications and works throughout the software development lifecycle to help remediate security vulnerabilities, guide enforcement of internal security policies and support regulatory compliance. With its dashboard views of applications, departments, business units, security and compliance, executives are armed with real-time status of the enterprise and the ability to launch and test any application. Key benefits include:

  • Intelligent dashboard provides key metrics
  • Uber dashboard for all other application security solutions
  • Shared database provides integrated reporting and maintains all summary and detail results (MySQL or Oracle)
  • Prioritize your vulnerabilities with the industry's first and only quantitative score called HARM™
  • Web server provides dashboard status of application security on a real-time, need-to-know basis
  • Job execution engine automatically discovers applications and performs ongoing assessments using SmartAttack™ library
  • Measurement of overall and individual application risk
  • Role-based visibility
  • Messaging for workflow support
  • Administrator control over user roles, tasks and privileges
  • Complete SmartAttack™ library and SmartAttack™ Modeler with rapid configuration and application-specific settings

Cenzic holds the one of the most important patents for web application security assessment using Fault Injection. The latest release includes integration of key vulnerability information from other sources, including competitors – no web application security software provides as thorough integration and coverage, with documented no false negatives reported.

Conclusion: Any organization transmitting data via the Internet is at risk and benefits from security-tested web applications - Hailstorm does so with patented fault injection technology. Additionally, Hailstorm checks for adherence to compliance mandates (corporate and governmental policies), providing the only integrated dashboard including data from other security solutions.

Cenzic, Inc.
455 El Camino Real, Suite 100
Santa Clara, CA 95050
Main: 1-866-423-6942