Dark Reading
Products and Releases

Cenzic Announces Free Web Security Products And Services For October

Company is helping to promote cybersecurity awareness

SANTA CLARA, CA--(Marketwire - October 7, 2010) - Cenzic Inc., the leading provider of Web application security solutions, today announced its involvement with this year's Cyber Security Awareness Month, a national public awareness campaign that spotlights the importance of protecting the nation's critical cyber security infrastructure. As part of its efforts, the company will offer the following free resources and services to educate and protect businesses against the growing number of threats to Web security.

Cenzic is also supporting the National Cyber Security Alliance in their efforts to build cyber security awareness.

Free Website Security Testing with Cenzic Healthcheck

For a limited time, the Cenzic Healthcheck program will provide a free application vulnerability assessment performed by Cenzic Web security experts using the company's ClickToSecure managed service solution.

As part of the Healthcheck, Cenzic will scan the Web pages of participating organizations to check for some of the most common application vulnerabilities or "holes" that hackers can exploit such as Cross-Site Scripting (XSS), Cross Frame Scripting, Password Autocomplete, and others.

Then, participants will receive a free PDF report containing:

- A summary of the website's "holes" (security flaws) and easy-to-read severity charts
- A prioritized listing of the most vulnerable website URLs
- A detailed description of each security flaw and remediation suggestions

To access this free service, businesses must register between October 18th and October 22nd at

Free E-book on Web Application Security

Cenzic will offer free access to its popular new e-book, "Achieving Web App Security Maturity: A CSO's Primer for Web Application Security Strategy" for the entire month of October. Featuring insight into the complex world of securing Web applications from a CSO's perspective, the book includes techniques to improve Web app security posture by testing applications throughout the SDLC, including production, by:

- Discovering, categorizing, and prioritizing applications
- Blocking exploits
- Correcting mistakes, both proactively and reactively

The guide also includes helpful hints that organizations in a variety of industries have used to protect their websites from hacker attacks.

Users can download the new e-book free of charge at

Free Educational Sessions on Cyber Security

In October, Cenzic executives will participate in several free online webinars to discuss current cyber security threats, trends, and solutions. They include:

- Paul Dot Com Webinar
  Date and Time: October 6 at 11 A.M. PST (recording available on starting October 8th)
  Speaker: Lars Ewe, CTO at Cenzic
- 451 Group Webinar
  Date and Time: Recording available after October 15th on the Cenzic website
  Speaker: Joshua Corman, Research Director, 451 Group and Mandeep Khera, CMO at Cenzic

In addition, Cenzic will continue its popular "Mythbusters" podcast, an online interview series on Web application security, when it welcomes Richard Stiennon, noted security industry analyst and writer at and author of Surviving Cyberwar to talk about current cyber security topics.

To access these webinars and resources, please visit:

On October 20, John Weinschenk, CEO at Cenzic will present at the Office of Information Security's Annual IT Security Fair in Sacramento, California.

At this show, John will discuss issues surrounding cyber security awareness, including how the focus of many companies exclusively on network security can leave gaping holes in their web applications, leading to increased risk of hacker attacks. Cenzic CTO Lars Ewe will also present on October 13, at this year's Hacker Halted Conference in Miami, Florida.

Industry Expert Award Recognition

In October, Cenzic will also announce its first-ever "Cenzic Cyber Security Superstar" award, recognizing an industry expert that has made the biggest strides in furthering the values exemplified by the Cyber Security Awareness Month. The award will be judged on the level of commitment the individual has shown for the cause as well as their willingness to educate others on cyber security issues.

Free Resources for Universities and Charities

Cenzic continues its commitment to higher education by allowing faculty and students at universities to use Cenzic products for free to teach secure coding. Two of the many prominent universities that are already using its products to aid in Web application development courses include Stanford University in Palo Alto, California, and Rochester Institute of Technology (RIT) in Rochester, New York. With these products, students at these universities are able to scan and diagnose their newly created Web applications for any possible security flaws. With this initiative, Cenzic aims to pave the way for future generations of developers to create safer and more advanced web applications.

For more information on the use of Cenzic's products in higher education, please visit: or send an email to

Cenzic has also committed to helping out charities by giving the product or service for free to qualified charities so they can test their Web applications against hackers. For information on the charity program, please visit: or send an email to

"The support of Web security awareness during this month is a great way for the industry to pull together to educate the masses and make Web security a top priority," said John Weinschenk, President and CEO of Cenzic. "Cenzic is committed to being at the forefront of Web application security working with industry leaders and companies to protect against hacker attacks. While the battle seems to be never ending, we are pleased to highlight cyber security in October and to offer free access to these Web application security resources for customers and noncustomers alike."

"Applications are the most attacked and least invested in area of information security. Knowing where to start can be difficult," said Joshua Corman, Research Director of Enterprise Security at The 451 Group and co-founder of "Cyber Security Awareness Month is a great excuse to find and fix your first security bug. Be sure to take advantage of free tools and resources like those offered by Cenzic. The journey to Rugged software begins with a single step -- take one."

About Cenzic

Cenzic, a trusted provider of software and SaaS security products, helps organizations secure their websites against hacker attacks. Cenzic focuses on Web Application Security, automating the process of identifying security defects at the Web application level where more than 75 percent of hacker attacks occur. Our dynamic, black box Web application testing is built on a non-signature-based technology that finds more "real" vulnerabilities as well as provides vulnerability management, risk management, and compliance for regulations and industry standards such as PCI. Cenzic solutions help secure the websites of numerous Fortune 1000 companies, all major security companies, leading government agencies and universities, and hundreds of SMB companies -- overall helping to secure trillions of dollars of e-commerce transactions. The Cenzic solution suite fits the needs of companies across all industries, from a cloud solution (Cenzic ClickToSecure Cloud(tm)), to testing remotely via our managed service (Cenzic ClickToSecure(r) Managed), to a full enterprise software product (Cenzic Hailstorm(r) Enterprise ARC(tm)) for managing security risks across the entire company.
