Beyond Simple Vulnerability Scanning
Current Scenario: Traditional web security has focused primarily on three areas: hardening the web infrastructure perimeter, conducting external audits, and using an application vulnerability assessment scanner to uncover known vulnerabilities. Each of these techniques provides value; however, none of them provides the complete coverage needed to reduce the risk of attack. Penetration tests and code reviews are often performed after the fact, do not close the loop from vulnerability "bug" to fix and regression test, and offer no leverage for repeatability. Application vulnerability assessment scanners are adequate for discovery and for assessing commercial applications, but not custom applications: they only scratch the surface and are often inaccurate in their findings.
Tomorrow's Technology Today: Cenzic provides breakthrough enterprise software and services for automated application security assessment and policy compliance testing that allow corporations and government organizations to dramatically improve the security of commercial and custom applications. Breakdown of products and services:
Cenzic Hailstorm® enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities. Hailstorm benefits include reduced security risk and liability, lower development and testing costs, and faster time-to-market. Leveraging its breakthrough technology, Hailstorm provides comprehensive coverage of a wide variety of attacks that goes beyond the basic coverage of Buffer Overflow, XSS, and SQL Injection and includes application logic tests, session management attacks, and regulatory compliance tests for PCI, GLBA, HIPAA, SB1386, AB1950, and many others. In addition, Hailstorm's Stateful Assessment approach provides a comprehensive solution to test all commercial and custom applications.
Cenzic ClickToSecure™ service is a software-as-a-service (SaaS) offering that combines the functionality of an enterprise-class application security assessment product with the flexibility of a managed security service. Cenzic takes its managed service seriously and takes extra steps to ensure that customers feel comfortable outsourcing their application security testing to Cenzic. Some of these special considerations include: (1) all Cenzic employees must pass a thorough background check; (2) secure infrastructure with full data protection; (3) automated tests combined with analysis from security consultants; (4) free re-test for fixed vulnerabilities.
Cenzic Assessment Methodology completes the solution with a state-of-the-art business process consulting service to help customers improve their application security methodologies. Cenzic's current focus includes financial services, e-retail, healthcare, high-tech, and government sectors.
Stateful security assessment automation performs rapid and comprehensive web application penetration testing by emulating an army of hackers. Next-generation automation solutions utilize stateful methods to produce accurate results. Leveraging automation, a stateful assessment solution acts as if it were a hacker working through dynamic web responses to find vulnerabilities. The ability to test within a changing online environment results in very high accuracy and extremely low false positives. Where manual penetration testing projects take weeks or months to accomplish, stateful assessment solutions can achieve the same or better results in hours. Stateful assessment finds vulnerabilities in real time, automates the same tasks performed by manual testers and works across a variety of development platforms. Stateful assessment recreates the exact steps a hacker would take to exploit vulnerabilities, yet does it in a fraction of the time. Stateful assessment employs a software fault injection methodology that observes the interactions among web application components to identify vulnerabilities.
Benefits of Stateful Assessment Solutions: Stateful security assessment automation offers dramatic benefits, including:
Protects data from theft: Stateful assessment guards web applications against information theft by exposing vulnerabilities that hackers might exploit and returns clear and complete remediation information. Stateful assessment helps companies find and fix problems before any harm is done.
Ensures regulatory compliance: Stateful assessment also helps companies meet regulatory compliance requirements by correlating testing to specific regulations. Because stateful assessment is policy-based, businesses can also direct the solution to test whether an application is meeting corporate compliance guidelines.
Eliminates reliance on costly experts: Stateful assessment eliminates the need for trained web security assessment professionals. Automation allows businesses to simply repeat security assessments each time a web application is upgraded, eliminates human error, and significantly reduces false positive results.
Additional benefits include:
• Replaces inefficient and error-prone scanning tools
• Streamlines the testing of application updates via auditable and repeatable processes
• Reduces the time needed for security testing by an order of magnitude
Conclusion: Hailstorm enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities, and verify compliance with security policies. Using a Stateful Assessment™ approach, Hailstorm is able to provide highly accurate results with minimal false positives. Cenzic ClickToSecure™ is a managed service that allows customers to leverage the power of Hailstorm by having Cenzic run remote assessments without any software or hardware installation.
Cenzic 455 El Camino Real Suite 100 Santa Clara, CA 95050 USA Tel: +1 866-4-CENZIC (866-423-6942)
The full white paper can be downloaded from the Info Security Products Guide site.
Copyright © 2006 Silicon Valley Communications - All rights reserved.