Government // Cybersecurity
10/8/2010
02:43 PM
Dark Reading
Products and Releases

Cenzic Announces Free Web Security Products And Services For October

Company is helping to promote cybersecurity awareness

SANTA CLARA, CA--(Marketwire - October 7, 2010) - Cenzic Inc., the leading provider of Web application security solutions, today announced its involvement with this year's Cyber Security Awareness Month, a national public awareness campaign that spotlights the importance of protecting the nation's critical cyber security infrastructure. As part of its efforts, the company will offer the following free resources and services to educate and protect businesses against the growing number of threats to Web security.

Cenzic is also supporting the National Cyber Security Alliance in their efforts to build cyber security awareness.

Free Website Security Testing with Cenzic Healthcheck

For a limited time, the Cenzic Healthcheck program will provide a free application vulnerability assessment performed by Cenzic Web security experts using the company's ClickToSecure managed service solution.

As part of the Healthcheck, Cenzic will scan the Web pages of participating organizations to check for some of the most common application vulnerabilities or "holes" that hackers can exploit such as Cross-Site Scripting (XSS), Cross Frame Scripting, Password Autocomplete, and others.

Then, participants will receive a free PDF report containing:

- A summary of the website's "holes" (security flaws) and easy-to-read severity charts
- A prioritized listing of the most vulnerable website URLs
- A detailed description of each security flaw and remediation suggestions

To access this free service, businesses must register between October 18th and October 22nd at https://www.cenzic.com/assets/hc2010/index.html.

Free E-book on Web Application security

Cenzic will offer free access to its popular new e-book, "Achieving Web App Security Maturity: A CSO's Primer for Web Application Security Strategy" for the entire month of October. Featuring insight into the complex world of securing Web applications from a CSO's perspective, the book includes techniques to improve Web app security posture by testing applications throughout the SDLC, including production by:

- Discovering, categorizing, and prioritizing applications
- Blocking exploits
- Correcting mistakes, both proactively and reactively

The guide also includes helpful hints that organizations in a variety of industries have used to protect their websites from hacker attacks.

Users can download the new e-book free of charge at https://www.cenzic.com/resources_e-book/.

Free Educational Sessions on Cyber Security

In October, Cenzic executives will participate in several free online webinars to discuss current cyber security threats, trends, and solutions. They include:

- Paul Dot Com Webinar
  Date and Time: October 6 at 11 A.M. PST (recording available on http://pauldotcom.ning.com/ starting October 8th)
  Speaker: Lars Ewe, CTO at Cenzic
- 451 Group Webinar
  Date and Time: Recording available after October 15th on the Cenzic website
  Speaker: Joshua Corman, Research Director, 451 Group and Mandeep Khera, CMO at Cenzic

In addition, Cenzic will continue its popular "Mythbusters" podcast, an online interview series on Web application security, when it welcomes Richard Stiennon, noted security industry analyst and writer at ThreatChaos.com and author of Surviving Cyberwar, to talk about current cyber security topics.

To access these webinars and resources, please visit: https://www.cenzic.com/resources_overview/.

On October 20, John Weinschenk, CEO at Cenzic, will present at the Office of Information Security's Annual IT Security Fair in Sacramento, California.

At this show, John will discuss issues surrounding cyber security awareness, including how the focus of many companies exclusively on network security can leave gaping holes in their web applications, leading to increased risk of hacker attacks. Cenzic CTO Lars Ewe will also present on October 13, at this year's Hacker Halted Conference in Miami, Florida.

Industry Expert Award Recognition

In October, Cenzic will also announce its first-ever "Cenzic Cyber Security Superstar" award, recognizing an industry expert that has made the biggest strides in furthering the values exemplified by the Cyber Security Awareness Month. The award will be judged on the level of commitment the individual has shown for the cause as well as their willingness to educate others on cyber security issues.

Free Resources for Universities and Charities

Cenzic continues its commitment to higher education by allowing faculty and students at universities to use Cenzic products for free to teach secure coding. Two of the many prominent universities that are already using its products to aid in Web application development courses include Stanford University in Palo Alto, California, and Rochester Institute of Technology (RIT) in Rochester, New York. With these products, students at these universities are able to scan and diagnose their newly created Web applications for any possible security flaws. With this initiative, Cenzic aims to pave the way for future generations of developers to create safer and more advanced web applications.

For more information on the use of Cenzic's products in higher education, please visit: http://www.cenzic.com/company/givingback/ or send an email to up@Cenzic.com.

Cenzic has also committed to helping out charities by giving the product or service for free to qualified charities so they can test their Web applications against hackers. For information on the charity program, please visit: http://www.cenzic.com/company/givingback/ or send an email to cop@Cenzic.com.

"The support of Web security awareness during this month is a great way for the industry to pull together to educate the masses and make Web security a top priority," said John Weinschenk, President and CEO of Cenzic. "Cenzic is committed to being at the forefront of Web application security working with industry leaders and companies to protect against hacker attacks. While the battle seems to be never ending, we are pleased to highlight cyber security in October and to offer free access to these Web application security resources for customers and noncustomers alike."

"Applications are the most attacked and least invested in area of information security. Knowing where to start can be difficult," said Joshua Corman, Research Director of Enterprise Security at The 451 Group and co-founder of www.ruggedsoftware.org. "Cyber Security Awareness Month is a great excuse to find and fix your first security bug. Be sure to take advantage of free tools and resources like those offered by Cenzic. The journey to Rugged software begins with a single step -- take one."

About Cenzic

Cenzic, a trusted provider of software and SaaS security products, helps organizations secure their websites against hacker attacks. Cenzic focuses on Web Application Security, automating the process of identifying security defects at the Web application level where more than 75 percent of hacker attacks occur. Our dynamic, black box Web application testing is built on a non-signature-based technology that finds more "real" vulnerabilities as well as provides vulnerability management, risk management, and compliance for regulations and industry standards such as PCI. Cenzic solutions help secure the websites of numerous Fortune 1000 companies, all major security companies, leading government agencies and universities, and hundreds of SMB companies -- overall helping to secure trillions of dollars of e-commerce transactions. The Cenzic solution suite fits the needs of companies across all industries, from a cloud solution (Cenzic ClickToSecure Cloud™), to testing remotely via our managed service (Cenzic ClickToSecure® Managed), to a full enterprise software product (Cenzic Hailstorm® Enterprise ARC™) for managing security risks across the entire company.
