10/8/2010
02:43 PM
Dark Reading
Products and Releases

Cenzic Announces Free Web Security Products And Services For October

Company is helping to promote cybersecurity awareness

SANTA CLARA, CA--(Marketwire - October 7, 2010) - Cenzic Inc., the leading provider of Web application security solutions, today announced its involvement with this year's Cyber Security Awareness Month, a national public awareness campaign that spotlights the importance of protecting the nation's critical cyber security infrastructure. As part of its efforts, the company will offer the following free resources and services to educate and protect businesses against the growing number of threats to Web security.

Cenzic is also supporting the National Cyber Security Alliance in their efforts to build cyber security awareness.

Free Website Security Testing with Cenzic Healthcheck

For a limited time, the Cenzic Healthcheck program will provide a free application vulnerability assessment performed by Cenzic Web security experts using the company's ClickToSecure managed service solution.

As part of the Healthcheck, Cenzic will scan the Web pages of participating organizations to check for some of the most common application vulnerabilities or "holes" that hackers can exploit such as Cross-Site Scripting (XSS), Cross Frame Scripting, Password Autocomplete, and others.

Then, participants will receive a free PDF report containing:

- A summary of the website's "holes" (security flaws) and easy-to-read severity charts
- A prioritized listing of the most vulnerable website URLs
- A detailed description of each security flaw and remediation suggestions

To access this free service, businesses must register between October 18th and October 22nd at https://www.cenzic.com/assets/hc2010/index.html.

Free E-book on Web Application Security

Cenzic will offer free access to its popular new e-book, "Achieving Web App Security Maturity: A CSO's Primer for Web Application Security Strategy" for the entire month of October. Featuring insight into the complex world of securing Web applications from a CSO's perspective, the book includes techniques to improve Web app security posture by testing applications throughout the SDLC, including production by:

- Discovering, categorizing, and prioritizing applications
- Blocking exploits
- Correcting mistakes, both proactively and reactively

The guide also includes helpful hints that organizations in a variety of industries have used to protect their websites from hacker attacks.

Users can download the new e-book free of charge at https://www.cenzic.com/resources_e-book/.

Free Educational Sessions on Cyber Security

In October, Cenzic executives will participate in several free online webinars to discuss current cyber security threats, trends, and solutions. They include:

Paul Dot Com Webinar
- Date and Time: October 6 at 11 A.M. PST (recording available on http://pauldotcom.ning.com/ starting October 8th)
- Speaker: Lars Ewe, CTO at Cenzic

451 Group Webinar
- Date and Time: Recording available after October 15th on the Cenzic website
- Speaker: Joshua Corman, Research Director, 451 Group and Mandeep Khera, CMO at Cenzic

In addition, Cenzic will continue its popular "Mythbusters" podcast, an online interview series on Web application security, when it welcomes Richard Stiennon, noted security industry analyst and writer at ThreatChaos.com and author of Surviving Cyberwar, to talk about current cyber security topics.

To access these webinars and resources, please visit: https://www.cenzic.com/resources_overview/.

On October 20, John Weinschenk, CEO at Cenzic will present at the Office of Information Security's Annual IT Security Fair in Sacramento, California.

At this show, John will discuss issues surrounding cyber security awareness, including how the focus of many companies exclusively on network security can leave gaping holes in their web applications, leading to increased risk of hacker attacks. Cenzic CTO Lars Ewe will also present on October 13, at this year's Hacker Halted Conference in Miami, Florida.

Industry Expert Award Recognition

In October, Cenzic will also announce its first-ever "Cenzic Cyber Security Superstar" award, recognizing an industry expert that has made the biggest strides in furthering the values exemplified by the Cyber Security Awareness Month. The award will be judged on the level of commitment the individual has shown for the cause as well as their willingness to educate others on cyber security issues.

Free Resources for Universities and Charities

Cenzic continues its commitment to higher education by allowing faculty and students at universities to use Cenzic products for free to teach secure coding. Two of the many prominent universities that are already using its products to aid in Web application development courses include Stanford University in Palo Alto, California, and Rochester Institute of Technology (RIT) in Rochester, New York. With these products, students at these universities are able to scan and diagnose their newly created Web applications for any possible security flaws. With this initiative, Cenzic aims to pave the way for future generations of developers to create safer and more advanced web applications.

For more information on the use of Cenzic's products in higher education, please visit: http://www.cenzic.com/company/givingback/ or send an email to up@Cenzic.com.

Cenzic has also committed to helping out charities by giving the product or service for free to qualified charities so they can test their Web applications against hackers. For information on the charity program, please visit: http://www.cenzic.com/company/givingback/ or send an email to cop@Cenzic.com.

"The support of Web security awareness during this month is a great way for the industry to pull together to educate the masses and make Web security a top priority," said John Weinschenk, President and CEO of Cenzic. "Cenzic is committed to being at the forefront of Web application security working with industry leaders and companies to protect against hacker attacks. While the battle seems to be never ending, we are pleased to highlight cyber security in October and to offer free access to these Web application security resources for customers and noncustomers alike."

"Applications are the most attacked and least invested in area of information security. Knowing where to start can be difficult," said Joshua Corman, Research Director of Enterprise Security at The 451 Group and co-founder of www.ruggedsoftware.org. "Cyber Security Awareness Month is a great excuse to find and fix your first security bug. Be sure to take advantage of free tools and resources like those offered by Cenzic. The journey to Rugged software begins with a single step -- take one."

About Cenzic

Cenzic, a trusted provider of software and SaaS security products, helps organizations secure their websites against hacker attacks. Cenzic focuses on Web Application Security, automating the process of identifying security defects at the Web application level where more than 75 percent of hacker attacks occur. Our dynamic, black box Web application testing is built on a non-signature-based technology that finds more "real" vulnerabilities as well as provides vulnerability management, risk management, and compliance for regulations and industry standards such as PCI. Cenzic solutions help secure the websites of numerous Fortune 1000 companies, all major security companies, leading government agencies and universities, and hundreds of SMB companies -- overall helping to secure trillions of dollars of e-commerce transactions. The Cenzic solution suite fits the needs of companies across all industries, from a cloud solution (Cenzic ClickToSecure Cloud(tm)), to testing remotely via our managed service (Cenzic ClickToSecure(r) Managed), to a full enterprise software product (Cenzic Hailstorm(r) Enterprise ARC(tm)) for managing security risks across the entire company.
