SOURCE: Cenzic

May 06, 2008 07:30 ET

Cenzic Certified as PCI Approved Scanning Vendor

Cenzic ClickToSecure Service Goes Beyond Just Certification by Providing Industry Leading Application Security Assessment as Deadline for Requirement 6.6 Looms

SANTA CLARA, CA--(Marketwire - May 6, 2008) - Cenzic, the leading provider of application security vulnerability assessment and risk management solutions, today announced the company's managed service, Cenzic ClickToSecure, has completed the PCI Security Standards Council's testing process and received Approved Scanning Vendor (ASV) Certification. Cenzic successfully met all the PCI Security Standards Council's requirements to allow its ClickToSecure SaaS to validate compliance with the Payment Card Industry Data Security Standard (PCI DSS). This will enable Cenzic to help customers comply with PCI while strengthening their application security posture.

Cenzic is also well positioned to far exceed Requirement 6.6 as clarified recently by the PCI Council. The intent of Requirement 6.6 is to ensure Web applications exposed to the public Internet are protected against the most common types of malicious input by June 30, 2008. The new guidelines clarify what "code review" implies in this section. According to the council, two of the options for code reviews include:

* Manual Web application security vulnerability assessment

* Proper use of automated Web application security vulnerability assessment tools

Cenzic offers both a manual and an automated assessment solution with a comprehensive suite of tests to secure its Web applications.

"Becoming a certified Approved Scanning Vendor enables us to give our clients a validation for PCI compliance," said John Weinschenk, CEO of Cenzic. "While getting certification is important, Cenzic provides comprehensive application security assessment, helping customers truly secure their Web applications. We help customers focus on securing their users' information by securing their infrastructure. Compliance with PCI and other standards is a natural by-product of a strong security discipline."

The PCI Data Security Standard (DSS), endorsed by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., requires merchants and service providers that store, process or transmit customer payment card data to adopt information security controls and processes to ensure data integrity. Participating payment brands require PCI DSS compliance reports by a certified third-party assessor for on-site audits of merchants and service providers that process payment card transactions. More information on the Council and the standard can be found at

"The PCI Security Standards Council is committed to helping everyone involved in the payment chain protect consumer payment data," said Bob Russo, General Manager, PCI Security Standards Council. "By participating in the ASV certification process, Cenzic demonstrates they are playing an active part in this important end goal."

Cenzic ClickToSecure is a Software as a Service available to assess applications remotely and determine attack resistance, regulatory compliance and potential security flaws in one or more applications. As an ASV, ClickToSecure is certified to conduct automated PCI Data Security Standard compliance assessments. For more information on ClickToSecure, please visit

Furthermore, Cenzic Hailstorm, the industry's leading solution in Web application security assessment and risk management, includes a comprehensive package for PCI Compliance for customers who want to do their own ongoing self-testing.

About Cenzic

Cenzic is the next-generation Web application security assessment and risk management solutions leader. The Cenzic suite of application security solutions fits the need of any company from remote, Software as a Service (ClickToSecure®), for testing one or more applications, to a full enterprise-wide solution (Cenzic Hailstorm® Enterprise ARC) for effectively managing application security risks across an enterprise. Always an innovator, Cenzic has integrated Hailstorm with VMware to enable testing of production Web applications through virtualization -- making Cenzic the only company in the industry with a complete solution for assessing Web applications in all stages from development to production. In addition, Cenzic solutions, targeted at financial services, e-retail, high-tech, energy, healthcare and government sectors, are the most accurate, comprehensive and extensible in the industry, empowering organizations to stay on top of unrelenting application security threats.

About the PCI Security Standards Council

The mission of the PCI Security Standards Council is to enhance payment account security by driving education and awareness of the PCI Data Security Standard and other standards that increase payment data security. The PCI Security Standards Council was formed by the major payment card brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. to provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of the PCI Data Security Standard (DSS), PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS). Merchants, banks, processors and point of sale vendors are encouraged to join as Participating Organizations.

Contact Information

  • Contact:
    Tami Casey
    Kulesa Public Relations for Cenzic
    (650) 340-1984