Risk
2/25/2014
09:04 AM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Cenzic Announces New Application Security Service For The Connected Enterprise

Cenzic PASS allows enterprises to define the criteria for acceptably safe partner applications

Campbell, CA – February 24, 2014– Cenzic, a leading provider of application security intelligence to reduce security risk, today announced the release of its Partner Application Security Certification Program, the first solution designed to manage and reduce online risk for enterprises connecting with third party applications. Offered via a combination of consulting and cloud-based vulnerability scanning as a service, theCenzic Partner-Application Security Scanning (Cenzic PASSTM)service helpsenterprises invite partners to test and certify any integrated application in a reliable, efficient and practical way to reduce online risk.

Powered by the Cenzic Hailstorm&trade engine with leading accuracy and comprehensive detection, Cenzic PASSTMoffers the best web application vulnerability detection service and remediationguidance for connecting partner applications.The service allows enterprises to define the criteria for acceptably safe partner applications to connect to the enterprise and meet compliance requirements, and directs partners and vendors to a Cenzic-hosted application scanning portal for workflow-driven self-service certification. By creating a custom scanning portal, Cenzic guides partners through the process of certifying the applications they integrate with on your website to ensure they meet pre-defined security standards.

"Virtually every enterprise is part of a vast supply chain that involves many participants. Yet, most of these organizations build their cyber security defenses as if they are islands," said Bala Venkat, Chief Marketing Officer (CMO) of Cenzic."Today, enterprises must go beyond their own internal firewalls and look more closely at the shared infrastructure. Cenzic PASSTMoffers enterprises a new,customizable approach to manage online risk and certify the security standards of their partner applications,benefiting both the enterprise and the partner in the face of malicious attacks."

Cenzic PASSTM offers a full suite of services including:

• Accurate cloud-based scanning servicesto test the vulnerabilities in integrated partner applications.

• Consulting Services to help definethe application security certification standards needed by partners.

• Customization of portal, policy, database, and all automated emails that usher application owners through certification.

• An Administration Dashboardthat displays the scanningstatus and allows you to efficiently manage outcomes.

• Detailed Vulnerability Reports sent to partners, who can then opt to work directly with Cenzic for any remediation.

Cenzic's partner and vendor application security service provides a cost-effective and efficient certification process ensuring that all third-party applications integrated with an enterprise have minimal vulnerabilities. As a result, business partners are able to maintain effective defenses, while interdependent systems and applications across the entire supply chain are completely secure.

Cenzic PASS is immediately available. For more information, please visit: https://www.cenzic.com/solutions/supply-chain-web-application-security/index.html

About Cenzic

Cenzic provides the leading application security intelligence platform to continuously assess Cloud, Mobile and Web applications to reduce online security risk. Cenzic's solutions scale from single applications to enterprise-level deployments with hybrid approaches that enable testing of applications at optimal levels. Cenzic helps brands of all sizes protect their reputation and manage security risk in the face of malicious attacks. Cenzic's solutions are used in all parts of the software development lifecycle, and most importantly in production, to protect against new threats even after the application has been deployed. Cenzic's application security intelligence platform is architected to handle web, cloud and mobile applications and is the first to provide risk reduction recommendations for business, application developers and specific applications. Today, Cenzic secures more than half a million online applications and trillions of dollars of commerce for Fortune 1000 companies, all major security companies, government agencies, universities and SMBs. More information about Cenzic can be found atwww.cenzic.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web