Excellence in Application Security

Product: Cenzic® Hailstorm® 3.1
Family: Cenzic® Hailstorm®
Vendor: Cenzic

Product Description: Hailstorm is an application security assessment solution that helps organizations automate the process of testing applications for security vulnerabilities, enforce internal security policies and promote compliance with regulatory requirements. Hailstorm is based on a unique, patent-pending technology called Stateful Assessment™, which uses advanced spidering and fault detection technology to maintain the state of an application during assessment, tracking series of transactions and identifying vulnerabilities (as opposed to other offerings which merely compare signatures). In short, this approach allows the product to emulate the way real hackers or manual testers work in order to test applications for security vulnerabilities and compliance issues.

Key Features & Benefits:

  • Hailstorm includes attack objects that are written to verify application resistance to attack, phishing attacks, access control attacks, zero day attacks, and compliance with internal policies and government regulations. Finds more vulnerabilities across commercial and custom developed applications with the lowest number of false positives by utilizing advanced spidering and fault detection technology.
  • Simplified implementation with easy to use assessment wizard and assessment scheduler
  • Management dashboard provides snapshot views of vulnerabilities enabling quick response and optimum allocation of resources
  • Auto-updater allows customers to download latest attack objects updates from Cenzic remote server
  • Role-based application security vulnerability management from Infosec, auditors, and QA professionals. Infosec defines the SmartAttacks required while auditors and QA professionals test systems for compliance.
  • Proven assessment methodology leverages the expertise of its CIA lab to help enterprises more quickly resolve issues. By following the assessment methodology, Hailstorm customers can rapidly bake the industry's best practices into their organization's application testing process.
  • The industry's first-ever market-focused application security assessment capabilities for the most vulnerable industries, including financial services, e-retail, and healthcare. Taking advantage of Hailstorm's configurable SmartAttack™ Library to application testing, vertical-focused packages increase focus and reduce time to resolution for customers.

Highlights: The SmartAttack Library consists of hundreds of attack objects that can be used enterprise-wide to test thousands of vulnerabilities in Web applications. The library is updated on a regular basis, similar to an anti-virus model, through the company’s own research laboratory to make sure that any new vulnerabilities are addressed.

A main differentiator is that these objects are provided as templates which allow users to actually customize SmartAttack objects for their particular needs, and also to generate new objects. These objects can test for:

  • Cross-site scripting, buffer overflow, SQL Injection, session management, cross-frame scripting, HTTP response splitting, phishing, and many other common vulnerabilities
  • Compliance with internal policies
  • Compliance with regulations such as Gramm-Leach-Bliley, HIPAA, California Senate Bill 1386, Sarbanes-Oxley, Basel II and others
  • Security flaws in application logic such as failures to implement strong password

End-Users: The main target audience includes financial institutions and e-commerce organizations; these types of enterprises in particular rely on the web to conduct everyday, mission-critical business practices that involve confidential, personal information (online banking, credit card information, etc.). However, basically any type of organization that utilizes the Internet to transmit data is at risk and benefits from security testing on their web applications. This includes organizations in the educational and healthcare fields. In addition, because Hailstorm checks for adherence to regulatory and compliance mandates (both corporate and governmentally enforced policies), it is a very useful tool for healthcare institutions and, again, financial institutions (in terms of HIPAA, GLBA, SOX, and the like).

Cenzic, Inc.
455 El Camino Real
Suite 100
Santa Clara, CA 95050
Tel: +1 866-4-CENZIC (866-423-6942)


Copyright © 2006 Silicon Valley Communications - All rights reserved.

Info Security Products Guide   Storage Products Guide