News
3/18/2014
11:10 AM
Connect Directly
RSS
E-Mail
50%
50%

TrustWave Acquires Application Scanning Vendor Cenzic

As a result of the acquisition, Trustwave will deliver both static and dynamic security testing as integrated, subscription-based services

CHICAGO, IL--(Marketwired - Mar 18, 2014) - Trustwave today announced the acquisition of Cenzic, Inc. The acquisition brings together Cenzic's dynamic application security testing technologies with Trustwave's cloud-based application, database and network penetration testing and scanning services. The combination will create one of the industry's broadest, integrated security testing platforms designed to help businesses rapidly identify and address security weaknesses, thereby significantly helping to reduce threats and risks.

Powered by its patented Hailstorm technology, Cenzic enables organizations to continuously assess cloud, mobile and web applications for vulnerabilities. As a result of the acquisition, Trustwave will deliver both static and dynamic security testing as integrated, subscription-based services that will help secure those applications throughout their lifecycle. Integration of Cenzic solutions with web application firewalls and security information and event management systems, including those from Trustwave, offers additional layers of protection.

"This acquisition brings together two security leaders who understand the power automation brings to managing the aggressive and evasive threats we're seeing today," said Robert McCullen, Chairman and Chief Executive Officer at Trustwave. "Cenzic's highly automated and scalable security testing platform supercharges our ability to deliver integrated testing across a high volume of applications. This acquisition marks another milestone in Trustwave's strategy to deliver comprehensive, automated and integrated security, compliance and threat intelligence solutions to the industry -- all delivered through the cloud."

Testing today's cloud, mobile and web applications requires a combination of static and dynamic application security testing techniques. "The market for application security testing is changing rapidly. Technology trends, such as mobile applications, advanced web applications and dynamic languages, are forcing the need to combine dynamic and static testing capabilities, which is reshaping the overall market," wrote industry analysts in a recent report about application security testing.

Static application security testing (SAST) examines non-running applications by looking at source code or binaries -- often before business-critical applications are launched. Dynamic application security testing (DAST) is focused on continuously probing running applications to look for vulnerabilities on an ongoing basis.

Businesses and governments increasingly rely on cloud, mobile and web applications to interact with customers, partners and suppliers, and those applications are constantly at risk from hackers who exploit security vulnerabilities. Cenzic research found that 96% of all applications tested in 2013 had one or more serious security vulnerabilities with a median of 14 per application.

Cenzic automates security testing across all applications types -- cloud, mobile and web. Cenzic solutions scale from a single application to enterprise-level deployments, and its intelligent technology uses behavioral, stateful and learning algorithms to help ensure the highest accuracy for automated assessment of even the most complex applications.

Founded in 2000 and headquartered in Silicon Valley, Cenzic tests more than half a million online applications and helps secure trillions of dollars of commerce for Fortune 1000 companies, government agencies, universities and small and medium businesses.

Financial terms were not disclosed.

Additional Resources

Report: 2014 Security Pressures Report from Trustwave

Report: Cenzic Application Vulnerability Trends Report: 2014

Report: 2013 Trustwave Global Security Report

News: Trustwave Introduces On-Demand Penetration Testing (October 2013)

Video: Trustwave Managed Security Testing

About Trustwave

Trustwave helps businesses fight cybercrime, protect data and reduce security risks. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs while safely embracing business imperatives including big data, BYOD and social media. More than two million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective data protection, risk management and threat intelligence. Trustwave is a privately held company, headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit www.trustwave.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
DevOps’ Impact on Application Security
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4725
Published: 2014-07-27
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

CVE-2014-4726
Published: 2014-07-27
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.

CVE-2014-2363
Published: 2014-07-26
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

CVE-2014-2625
Published: 2014-07-26
Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.

CVE-2014-2626
Published: 2014-07-26
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.