SOURCE: Cenzic

June 16, 2008 07:55 ET

Cenzic's New Release Boosts Its Award-Winning Web Application Security Solutions

Hailstorm Enterprise ARC 5.7 Released in Time for PCI Council Requirement 6.6 Deadline and Delivers Significant Enhancements for Web Services, PCI Compliance, Productivity, Usability, Reporting and Various New Critical Attacks

SANTA CLARA, CA--(Marketwire - June 16, 2008) - Cenzic, the leading provider of Web application security vulnerability assessment and risk management solutions, today announced its 5.7 release of Cenzic Hailstorm Enterprise ARC (Application Risk Controller) and Cenzic Hailstorm Professional products with several new features. Hailstorm 5.7 meets the June 30 compliance deadline for PCI Requirement 6.6 and is an aid to organizations working to comply with this demanding Web security requirement.

The intent of PCI Council Requirement 6.6 is to ensure Web applications exposed to the public Internet are protected against the most common types of malicious input. According to the council, the two options for code reviews are manual Web application security vulnerability assessment and proper use of automated Web application vulnerability assessment tools. Cenzic, a PCI Council Approved Scanning Vendor (ASV), offers an automated assessment solution both through its Software as a Service (SaaS) ClickToSecure and through the new Hailstorm release, which provides a comprehensive suite of tests to secure Web applications.

Several new enhancements are available in Hailstorm 5.7, including much stronger Web Services support, PCI Compliance reporting, a new user interface for the ARC Desktop Client and numerous usability and workflow improvements for the ARC dashboard, such as customizable dashboard charts, customizable report configurations, advanced email alerts and various other changes. Cenzic updates its SmartAttack™ library at least once per week. In addition, Cenzic has introduced five new significant SmartAttacks into the product suite that provide the best protection against the latest security vulnerabilities in the industry.

"Securing Web applications is one of the primary issues security professionals face today and the looming PCI deadline emphasizes this point for e-commerce sites," said Mike Montecillo, analyst at Enterprise Management Associations. "Mapping smart attacks to specific sections of the API requirement is an innovative approach and allows for a thorough security assessment for all applications on a continuous basis."

The five new SmartAttacks that have been integrated into the release are:

--  Cross Site Request Forgery - This SmartAttack can find and protect
    against vulnerabilities that cause unauthorized commands to be transmitted
    by a user unknowingly. Cross-Site Request Forgery (CSRF) is an attack
    vector that enables an attacker to send arbitrary HTTP or HTTPS requests
    from a victim user. This attack exploits the trust that a site has for a
    particular user.
    
--  Ineffective Session Termination - If a user session is not properly
    terminated, this SmartAttack can discover vulnerabilities that permit
    unauthorized access to that session.
    
--  Session ID Identification - Determines the exact parameter(s) used by
    the application to hold the session ID(s).
    
--  Application Path Disclosure - Reports each page where malicious input
    can lead to an internal application error revealing specific path
    information.
    
--  Platform Path Disclosure - This SmartAttack reports each page with
    path disclosure vulnerabilities.
    

"In this new version, we concentrated our energy on improvements that customers will appreciate while also demonstrating our continuous innovation," said John Weinschenk, CEO of Cenzic. "PCI Compliance is important to many of our customers and this release will further help them in getting compliant. Furthermore, the new SmartAttacks are very critical for customers and like many of our attacks, some of these are only offered by Cenzic solutions. As adoption of Web services continues to grow, we felt the need to offer additional support. Finally, the interface, customizable reporting, and various other features will make the user experience even more enjoyable with easy to access actionable information."

Cenzic's Hailstorm product suite includes assessing, analyzing, and resolving security vulnerabilities throughout the software development lifecycle (SDLC), and assists in compliance with regulatory standards. Cenzic's pre-crafted SmartAttack™ library enables enterprises to run tests out-of-the-box to find vulnerabilities in all Web applications, as well as enforce internal policies. The company's integration with Virtualization solutions, Q.A. tools, Source Code Scanners, Application Firewalls, and other security solutions gives enterprises the ability to easily address security issues as an integrated process. In addition, through its lab, CIA (Cenzic Intelligent Analysis) Research, Cenzic provides companies with ongoing and frequent updates to its SmartAttack library for the latest vulnerabilities and threats to stay ahead of the curve.

About Cenzic

Cenzic is the next-generation Web application security assessment and risk management solutions leader. The Cenzic suite of application security solutions fits the need of any company from remote, Software as a Service (ClickToSecure®), for testing one or more applications, to a full enterprise-wide solution (Cenzic Hailstorm® Enterprise ARC) for effectively managing application security risks across an enterprise. Always an innovator, Cenzic has integrated Hailstorm with VMware to enable testing of production Web applications through virtualization -- making Cenzic the only company in the industry with a complete solution for assessing Web applications in all stages from development to production. In addition, Cenzic solutions, targeted at financial services, e-retail, high-tech, energy, healthcare and government sectors, are the most accurate, comprehensive and extensible in the industry, empowering organizations to stay on top of unrelenting application security threats.

Contact Information

  • Contact:
    Tami Casey
    Kulesa Public Relations for Cenzic Inc.
    650-340-1984