New Readers

 Home News and World Report Buyers Guide Global Excellence Technology Case Studies Editorial Awards About Info Security
 
Protecting the Web from Hacker Attacks

CURRENT THREAT SCENARIO

Hackers continue to attack at the Web application level relentlessly. Exploiting SQL Injection, Cross-Site Scripting, Session Hijacking, Weak Passwords, and other vulnerabilities, as the “low hanging fruit.” Universities, banks, Government agencies, e-retail companies, high-tech companies, and social networking sites like Twitter and Facebook have all been victims of repeated attacks. Businesses have lost billions of dollars in these attacks. In spite of these breaches, most corporations are doing very little to secure their Web applications. With network infrastructure, albeit not perfect but pretty secure, hackers are putting their efforts going after the weakest link – Web applications. As Cenzic pointed out in our trends report for the first half of 2010, the majority of vulnerabilities continue to be in Web applications. Many of these vulnerabilities have a public exploit and even when patches are available, most companies still haven’t deployed patches. While some have good intentions but the task of securing applications can seem daunting causing them to delay their initiatives. This is a dangerous game and is analogous to you avoiding going to the doctor while waiting for heart attack to happen. Many others haven’t done much due to a lack of knowledge or awareness. Again using a medical analogy, if you don’t know that high cholesterol food can kill you, you’ll continue to have the same diet as before. In the case of Web application security, what you don’t know can really hurt you.

Tomorrow's Technology Today
Web Application Security

WHAT DOES THIS TECHNOLOGY DO?

Cenzic addresses application security across the enterprise, and is the only solution which includes patented fault injection technology. With its intelligent and dynamic dashboard Cenzic’s flagship product, Hailstorm Enterprise Application Risk Controller (ARC) gives companies the ability to automatically discover and inventory applications, assess applications to find vulnerabilities, provide remediation information, providing a comprehensive view of security status to manage risk with complete workflow from a central management console. The results also include a quantitative score called HARM™ (Hailstorm Application Risk Metric) measuring vulnerability levels of applications.The Hailstorm Enterprise ARC software provides automated security assessment of custom and commercial web applications and works throughout the software development lifecycle to help remediate security vulnerabilities, guide enforcement of internal security policies and support regulatory compliance. With its dashboard views of applications, departments, business units, security and compliance, executives are armed with real-time status of the enterprise and the ability to launch and test any application.

Cenzic holds one of the most important patents for web application security assessment using Fault Injection. Cenzic is the only company to allow testing of applications throughout the Software Development Lifecycle (SDLC) including deployed applications in production. Customers can test their live Web sites using Hailstorm’s built-in algorithms or by using Hailstorm’s integration with VMWare Lab Manager and Virtual Center without corrupting the database. Organizations can use the Cenzic solutions to achieve compliance with a myriad of regulations including PCI, California AB1950, GLBA, HIPAA, FISMA, and many others.

CONCLUSION:

Cenzic is the trusted provider of software, managed service, and cloud security products that help organizations secure their websites against hacker attacks. Cenzic focuses on Web application security, automating the process of identifying security defects at the Web application level where more than 75% of attacks occur, help customers in remediating those defects, manage risk and get compliance with regulations such as PCI. Cenzic is unique in the industry as its products are built on a non-signature-based patented technology. Cenzic solutions secure websites of numerous F1000 companies including all major security companies, leading government agencies and universities, and hundreds of SMB companies.Cenzic also offers clients a flexible suite of products including software (for organizations that have internal expertise), Software as a Service (for organizations with limited expertise or internal resources), and a hybrid of both Software and SaaS (for organizations that want to deploy the software in-house but want to supplement their resources due to a large number of Web applications).

Cenzic
455 El Camino Real Ste 100
Santa Clara, CA 95050 USA

Bookmark and Share  

Follow us on twitter   Join us on LinkedIn   Photos on flickr   Watch us on YouTube   Become our fan on Facebook   Google   

Volunteer To Be A Judge
Apply today to be a preliminary-round judge for the 2011 awards. If you qualify, you'll be assigned categories based on your experience and industry. Apply now to be a Judge>>
More Tomorrow's Technology Today...
Current threat scenarios and how technologies are providing solution Learn more>>