SOURCE: Cenzic

December 10, 2007 08:15 ET

Cenzic Introduces Automated Security Assessment of Web Applications in Production Through Virtualization

Cenzic Changes the Game Again by Integrating Hailstorm Enterprise ARC With VMware Lab Manager and VMware VirtualCenter to Enable Testing of Deployed Applications

SANTA CLARA, CA--(Marketwire - December 10, 2007) - Cenzic Inc., a leader in Web application security assessment and risk management, today announced its solution for the virtualization arena with the integration of its flagship product line, Cenzic Hailstorm® Enterprise ARC (Application Risk Controller) with VMware Lab Manager and VMware VirtualCenter. Cenzic is the first company to allow automated security assessment of Web applications in production through virtualization.

Additional features in Hailstorm Enterprise ARC 5.5 include major enhancements to compliance reporting, in which users generate assessment reports based on specific regulations such as PCI, GLBA, HIPAA, or AB 1950, and to the risk management dashboard, which now enables users to sort their vulnerabilities by HARM, a quantitative score which lets users easily see which vulnerabilities have the highest risk. The release also includes many features to enhance the user experience and tighten integration with other application security solutions. Many of these features will also be supported in Hailstorm Professional 5.5.

Most Web application testing occurs at the development or quality assurance stages. But because security testing on deployed Web applications can put data at risk of corruption, testing production Web applications is often avoided. This leaves applications at risk from vulnerabilities that have emerged since the application was initially tested.

"Roughly 90 percent of Web applications are in production at any given point, and these applications are exposed and vulnerable to hackers," said John Weinschenk, president and CEO of Cenzic. "Since application security assessment is an invasive process with the potential to corrupt databases and impair applications, security testing on deployed applications hasn't been a viable solution. Cenzic is helping its customers with a new approach by integrating the application security assessment solution with virtualization solutions from VMware. With this breakthrough solution, customers can not only test applications in development or Q.A. but truly through the entire software development lifecycle (SDLC) including operations."

By integrating with virtualization technology, Cenzic customers will be able to continuously test production applications in a virtual or "staging" environment without the risk of compromising the environment. This will not only help organizations test all their applications but also allow them to continuously test Web applications for new application vulnerabilities, which are averaging more than 400 a month. When a vulnerability is identified, organizations can make a decision to either fix the vulnerability and push the revised version into production or take other measures such as configuring their application firewalls to prevent hackers from attacking the application.

"Given today's threat environment, it is imperative that organizations ensure that their production applications are secure. Unfortunately many organizations do not test their production Web applications for vulnerability to new threats because they fear service interruptions or data corruption," said Michael Montecillo, analyst at Enterprise Management Associates. "The integration of Web application security and virtualization provides new avenues for aggressively testing these applications and will allow companies to be more proactive about application security issues."

Many companies are already moving toward virtualization for improved data center automation and management, reduced operational and energy costs and increased overall operational efficiency. "One of the biggest challenges in securing Web applications is how to test the applications in an environment that is identical to that of the live application without risking data corruption or disruptions to customers," said Andrew Wing, systems architect at Teranet Inc., a Canadian e-commerce company with several web-based applications. "The concept of virtual testing brings a lot of benefit and a sense of safety. Integrating Hailstorm with VMware Lab Manager and VirtualCenter will allow us to identify an issue, pull out the specific application, fix it and put the secure application back in production quickly. Not only will this save us time and money, but the ability to test deployed applications will ensure customers that we are providing the safest environment possible for their online transactions."

For more information on Continuous Web Application Security, a Cenzic white paper detailing testing deployed Web applications via a virtual environment is available for download at

About Cenzic

Cenzic is the innovative leader of next-generation application security assessment and risk management solutions that quickly and accurately find more "real" application vulnerabilities in both legacy Web 1.0 and Web 2.0 applications. The Cenzic suite of application security solutions fits the needs of any company from remote, Software as a Service (ClickToSecure®), for testing one or more applications, to a full enterprise-wide solution (Cenzic Hailstorm Enterprise ARC) for effectively managing application security risks across an enterprise. Cenzic solutions, targeted at financial services, e-retail, high-tech, energy, healthcare and government sectors, are the most accurate, comprehensive and extensible in the industry, empowering organizations to stay on top of unrelenting application security threats.

Contact Information

    Tami Casey
    Kulesa Public Relations for Cenzic
    (650) 340-1984