SOURCE: Cenzic

May 13, 2008 07:00 ET

Cenzic Report Shows Popular Commercial Applications Continue to Have Severe Vulnerabilities

Web Application Security Provider Finds Majority of Vulnerabilities in Well-Known Commercial Application Sources, Including SAP, Adobe, Microsoft and IBM Rational, in Q1 Trends Report

SANTA CLARA, CA--(Marketwire - May 13, 2008) - Your organization's most-used software may also be its most vulnerable, according to Cenzic Inc.'s Q1 2008 Application Security Trends Report. Cenzic, the leading provider of application security vulnerability assessment and risk management solutions, today released the report, which identifies the Top 10 vulnerabilities companies faced in the beginning of 2008. Vulnerabilities were found in software from many well-known vendors and projects, including SAP, Adobe, Java, Apache, Microsoft, Asterisk and IBM Rational.

"We're seeing many patterns over time, and our results remain consistent with the Symantec Internet Security Threat Report for the second half of 2007 -- that organizations are still not taking the proper initiatives to secure their Web applications," said Mandeep Khera, vice president of marketing at Cenzic. "With organizations required to become compliant with PCI requirement 6.6 by June 30, they need to act aggressively. Many of these vulnerabilities are being discovered in the most commonly used commercial applications. However, most proprietary applications have even more vulnerabilities that are never fixed. PCI compliance is important; however, it's even more important to protect customer information by getting security vulnerabilities fixed in applications. Cenzic can not only help organizations become compliant, but can also discover, assess and remediate Web application vulnerabilities from the start."

Cenzic is also certified as a PCI Approved Scanning Vendor, and its offerings exceed the PCI 6.6 requirements pertaining to Web application security.

Cenzic Application Security Trends Report Q1 2008

The Cenzic Application Security Trends Report highlights the Top 10 Web application vulnerabilities from published reports in Q1 2008, illustrating trends among thousands of corporations, financial institutions and government agencies. In the report, Cenzic identified 1,409 unique published vulnerabilities for the first quarter of 2008. Web technology vulnerabilities made up 70 percent of that volume, and 65 percent of all vulnerabilities were classified as easily exploitable.

As part of the study, Cenzic incorporated findings from Cenzic ClickToSecure, its leading-edge managed security assessment and penetration testing service (SaaS), and research from Cenzic Intelligent Analysis (CIA) Labs. Some of the key findings include:

-Seven of 10 analyzed Web applications engaged in insecure communication practices that could lead to the exposure of sensitive or confidential user information during transactions.

-Cross-Site Scripting continues to be the most common injection flaw type, affecting seven out of 10 Web applications.

-Approximately two out of 10 Web applications were found to be vulnerable to types of SQL injection attacks that could result in a direct compromise of the application's back end by an attacker.

-Information leaks and exposures, Cross-Site Scripting and session management flaws were among the most prevalent vulnerabilities.

To download a PDF version of the Q1 Trend Report, please visit In addition, for a fast and easy way to prioritize and remediate your vulnerabilities before they are exploited by hackers, sign up to get an assessment of your Web applications from Cenzic.

About Cenzic

Cenzic is the next-generation Web application security assessment and risk management solutions leader. The Cenzic suite of application security solutions fits the needs of any company, from a remote Software-as-a-Service offering (ClickToSecure®) for testing one or more applications, to a full enterprise-wide solution (Cenzic Hailstorm® Enterprise ARC) for managing application security risks across an enterprise. Always an innovator, Cenzic has integrated Hailstorm with VMware to enable testing of production Web applications through virtualization -- making Cenzic the only company in the industry with a complete solution for assessing Web applications in all stages from development to production. In addition, Cenzic solutions, targeted at the financial services, e-retail, high-tech, energy, healthcare and government sectors, are the most accurate, comprehensive and extensible in the industry, empowering organizations to stay on top of unrelenting application security threats.

Contact Information

  • Contact:
    Tami Casey
    Kulesa Public Relations for Cenzic
    (650) 340-1984