2008 Best Deployment Scenario

Addressing application security across the enterprise



The Internet is a powerful force for driving business activity and is used as a medium for managing internal corporate data and operational activities. Businesses’ online presence centers on using Web applications to store, transmit and manage information. Firewalls and associated security technologies were the first line of defense against information theft. Today, the security configuration of Web applications has become the first and last line of defense against malicious attacks and confidential data leaks. A recent study suggests that in 2007 more than 70 million records will be exposed, unprotected or compromised via cyber-attack.

Info Security Products Guide

Tomorrow's Technology Today - Security Testing


Hailstorm Enterprise ARC addresses application security across the enterprise, and is the only one to include patented fault injection technology that also leverages virtualization to provide continuous web application security throughout the application lifecycle. With its intelligent dashboard (rolling in data from all other key application security tools and manual pen testing), Cenzic Hailstorm Enterprise ARC gives companies the ability to automatically discover and inventory applications, viewing comprehensive security status with complete workflow from a central console. Hailstorm Enterprise ARC enables companies to automatically identify all web applications within an environment via a web application discovery tool and provides quantitative HARM™ (Hailstorm Application Risk Metric) scores pinpointing vulnerability levels of applications.

Hailstorm Enterprise ARC provides automated security assessment of custom and commercial web applications and works throughout the software development lifecycle to help remediate security vulnerabilities, guide enforcement of internal security policies and support regulatory compliance. With its dashboard views of applications, departments, business units, security and compliance, executives are armed with real-time status of the enterprise and the ability to launch and test any application. Key benefits include:

  • Intelligent dashboard provides key metrics
  • Uber dashboard for all other application security solutions
  • Shared database provides integrated reporting and maintains all summary and detail results (MySQL or Oracle)
  • Prioritize your vulnerabilities with the industry's first and only quantitative score called HARM™
  • Web server provides dashboard status of application security on a real-time, need-to-know basis
  • Job execution engine automatically discovers applications and performs ongoing assessments using SmartAttack™ library
  • Measurement of overall and individual application risk
  • Role-based visibility
  • Messaging for workflow support
  • Administrator control over user roles, tasks and privileges
  • Complete SmartAttack™ library and SmartAttack™ Modeler with rapid configuration and application-specific settings

Cenzic’s technology goes beyond a signature-based approach by emulating a hacker’s attack method - Cenzic maintains the active state of the application while attacking from the browser level. This method allows Cenzic’s solutions to be the only ones to find all critical vulnerabilities, including application logic tests such as session hijacking, strong passwords, privacy policy validation, etc., on top of all the core vulnerabilities like XSS, Buffer Overflow, SQL Disclosure, and others. 

Cenzic holds one of the most important patents for web application security assessment using Fault Injection. The latest release includes integration of key vulnerability information from other sources, including competitors – no web application security software provides as thorough integration and coverage, with a documented record of no false negatives reported.

Furthermore, only Cenzic solutions can test for vulnerabilities across all types of applications and Web infrastructures. Cenzic’s Hailstorm is also the only solution in the industry that provides a complete risk management approach by discovering all the applications automatically and providing automated assessments from a dynamic and intelligent dashboard. Cenzic’s recent innovative product release that integrated with VMware now enables customers to test their production applications through virtualization. Production applications are tested in a secure, virtual environment – leaving the live application intact until the vulnerabilities are located and secured. This innovative approach makes Cenzic the only Web application security provider utilizing the powerful tools of virtualization to secure applications through all phases of the software development lifecycle.

In addition, Cenzic’s solutions integrate with other leading products in the software development lifecycle such as HP Mercury, Borland Gauntlet, Bugzilla, and others.

Conclusion: Organizations transmitting data via the Internet are at risk and benefit from security-tested web applications - Hailstorm does so with patented fault injection technology while providing lifecycle application security through testing within virtualized environments. Additionally, Hailstorm supports compliance mandate adherence, providing the only integrated dashboard including data from other security solutions.

455 El Camino Real, Suite 100
Santa Clara, CA 95050
Tel: +1-866-423-6942