SOURCE: Cenzic

July 16, 2007 09:00 ET

Cenzic Unveils Two "Game-Changing" Application Security Releases

Hailstorm Enterprise ARC 5.0 Is Now the "Superset" Solution for Other Application Security Solutions Like SPI Dynamics, Watchfire, Fortify, and Manual Penetration Testing; Enterprise Solution Will Now Also Be Available as a Managed Service Called ClickToSecure ARC

SANTA CLARA, CA--(Marketwire - July 16, 2007) - Cenzic, the leading provider of application security assessment and risk-management solutions, today released a new version of the company's flagship product line, Cenzic Hailstorm® Enterprise ARC (Application Risk Controller) 5.0 and the latest edition of the company's managed service, ClickToSecure ARC, representing the only true application risk-management "superset" in the industry.

This announcement marks the first time that Hailstorm ARC has been made available as a managed service and also introduces the latest release of Hailstorm Enterprise ARC. New features include integration of the key vulnerability information from other sources, such as SPI Dynamics (being acquired by HP), Watchfire (being acquired by IBM), Fortify, and Manual Pen Testing solutions. The new release will also include seamless integration with Fortify's Source Code Analyzer. In addition, the enhanced managed service solution, ClickToSecure ARC, now offers an intelligent uber-dashboard to Cenzic's SaaS customers, allowing them the ability to outsource security testing to Cenzic while getting a comprehensive view of application security status with actionable information from a central console.

"During the testing process, we looked at the product offerings from Cenzic and other companies," stated Andrew Wing, systems architect at Teranet. "We chose Cenzic Hailstorm ARC because of its outstanding enterprise risk management capabilities, ease-of-use through its dynamic and intelligent dashboard and reports, the flexibility of the solution, the excellent support team and most importantly, the product produced significantly less false positives compared to the competition while finding more vulnerabilities."

The rate at which applications are being developed and updated in today's organizations is staggering. Web application security measures generally target testing across the Software Development Lifecycle (SDLC), however there are a significantly larger number of deployed applications in the production environment. Many of the Web applications in use today were deployed without testing, which leaves corporations and their customers vulnerable to attacks. Hailstorm Enterprise ARC 5.0 and ClickToSecure ARC are designed to address not only Web application vulnerabilities across the SDLC, but also to help with continuous testing in the production stage, an area that can easily make organizations vulnerable to attacks.

"We are very excited about this new Hailstorm ARC release which provides a holistic view of application security risk by bringing information from all major solutions together in one place," said John Weinschenk, CEO of Cenzic. "Many companies are using multiple solutions including commercial tools, open source tools, internal testing, and external penetration testing for application security. With information dispersed in various parts of the organization, it's very hard for CIOs and CISOs to understand, measure, and manage their application security posture. By providing a complete view at their finger tips while allowing continuous testing from development to production stages, Cenzic's new releases will make the process of securing applications much smoother and efficient."

Web application security testing is becoming one of the biggest risks for companies of all sizes. Due to the open nature of Web sites, hackers are exploiting the code of Web-based customer applications to steal confidential information, intellectual property or conduct unauthorized money transfers. As a service to programmers and corporations, Cenzic has published the Cenzic Application Security Trends Report, which lists analysis of reported vulnerabilities, including the most threatening, Web application probes, attack statistics, and key findings. In the recent Q1 2007 report, seven out of 10 deployed applications were vulnerable to serious attacks. The trend report is downloadable for free at

Hailstorm Enterprise ARC provides automated security assessment of custom and commercial Web applications and works throughout the SDLC -- whether in development, QA, or operations -- to help find and remediate security vulnerabilities, guide enforcement of internal security policies, and support regulatory compliance. The ClickToSecure service is structured to produce high impact results with minimal impact on the client organization. The service enables you to focus on your core competencies and let Cenzic take care of your application security assessment needs.

About Cenzic

Cenzic is the innovative leader of next-generation application security assessment and risk management solutions that quickly and accurately find more "real" application vulnerabilities in both legacy Web 1.0 and Web 2.0 applications. The Cenzic suite of application security solutions fit any company's needs from remote, Software as Service (ClickToSecure®), for testing one or more applications, to a full enterprise-wide solution (Cenzic Hailstorm® Enterprise ARC) for effectively managing application security risk across an enterprise. Cenzic solutions, targeted at financial services, e-retail, high-tech, energy, healthcare and government sectors, are the most accurate, comprehensive, and extensible in the industry empowering organizations to stay on top of unrelenting application security threats.

Contact Information

  • Contact:
    Tami Casey
    Kulesa Public Relations/ for Cenzic
    (650) 340-1984
    Email Contact