Risk
2/25/2014
09:04 AM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Cenzic Announces New Application Security Service For The Connected Enterprise

Cenzic PASS allows enterprises to define the criteria for acceptably safe partner applications

Campbell, CA – February 24, 2014– Cenzic, a leading provider of application security intelligence to reduce security risk, today announced the release of its Partner Application Security Certification Program, the first solution designed to manage and reduce online risk for enterprises connecting with third party applications. Offered via a combination of consulting and cloud-based vulnerability scanning as a service, theCenzic Partner-Application Security Scanning (Cenzic PASSTM)service helpsenterprises invite partners to test and certify any integrated application in a reliable, efficient and practical way to reduce online risk.

Powered by the Cenzic Hailstorm&trade engine with leading accuracy and comprehensive detection, Cenzic PASSTMoffers the best web application vulnerability detection service and remediationguidance for connecting partner applications.The service allows enterprises to define the criteria for acceptably safe partner applications to connect to the enterprise and meet compliance requirements, and directs partners and vendors to a Cenzic-hosted application scanning portal for workflow-driven self-service certification. By creating a custom scanning portal, Cenzic guides partners through the process of certifying the applications they integrate with on your website to ensure they meet pre-defined security standards.

"Virtually every enterprise is part of a vast supply chain that involves many participants. Yet, most of these organizations build their cyber security defenses as if they are islands," said Bala Venkat, Chief Marketing Officer (CMO) of Cenzic."Today, enterprises must go beyond their own internal firewalls and look more closely at the shared infrastructure. Cenzic PASSTMoffers enterprises a new,customizable approach to manage online risk and certify the security standards of their partner applications,benefiting both the enterprise and the partner in the face of malicious attacks."

Cenzic PASSTM offers a full suite of services including:

• Accurate cloud-based scanning servicesto test the vulnerabilities in integrated partner applications.

• Consulting Services to help definethe application security certification standards needed by partners.

• Customization of portal, policy, database, and all automated emails that usher application owners through certification.

• An Administration Dashboardthat displays the scanningstatus and allows you to efficiently manage outcomes.

• Detailed Vulnerability Reports sent to partners, who can then opt to work directly with Cenzic for any remediation.

Cenzic's partner and vendor application security service provides a cost-effective and efficient certification process ensuring that all third-party applications integrated with an enterprise have minimal vulnerabilities. As a result, business partners are able to maintain effective defenses, while interdependent systems and applications across the entire supply chain are completely secure.

Cenzic PASS is immediately available. For more information, please visit: https://www.cenzic.com/solutions/supply-chain-web-application-security/index.html

About Cenzic

Cenzic provides the leading application security intelligence platform to continuously assess Cloud, Mobile and Web applications to reduce online security risk. Cenzic's solutions scale from single applications to enterprise-level deployments with hybrid approaches that enable testing of applications at optimal levels. Cenzic helps brands of all sizes protect their reputation and manage security risk in the face of malicious attacks. Cenzic's solutions are used in all parts of the software development lifecycle, and most importantly in production, to protect against new threats even after the application has been deployed. Cenzic's application security intelligence platform is architected to handle web, cloud and mobile applications and is the first to provide risk reduction recommendations for business, application developers and specific applications. Today, Cenzic secures more than half a million online applications and trillions of dollars of commerce for Fortune 1000 companies, all major security companies, government agencies, universities and SMBs. More information about Cenzic can be found atwww.cenzic.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5700
Published: 2014-09-22
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/loginbox.template.php to index.php. NOTE: some o...

CVE-2014-0484
Published: 2014-09-22
The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the "user's environment."

CVE-2014-2942
Published: 2014-09-22
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code.

CVE-2014-3595
Published: 2014-09-22
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

CVE-2014-3635
Published: 2014-09-22
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows remote attackers to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one m...

Best of the Web
Dark Reading Radio