Risk
2/25/2014
09:04 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Cenzic Announces New Application Security Service For The Connected Enterprise

Cenzic PASS allows enterprises to define the criteria for acceptably safe partner applications

Campbell, CA – February 24, 2014– Cenzic, a leading provider of application security intelligence to reduce security risk, today announced the release of its Partner Application Security Certification Program, the first solution designed to manage and reduce online risk for enterprises connecting with third party applications. Offered via a combination of consulting and cloud-based vulnerability scanning as a service, theCenzic Partner-Application Security Scanning (Cenzic PASSTM)service helpsenterprises invite partners to test and certify any integrated application in a reliable, efficient and practical way to reduce online risk.

Powered by the Cenzic Hailstorm&trade engine with leading accuracy and comprehensive detection, Cenzic PASSTMoffers the best web application vulnerability detection service and remediationguidance for connecting partner applications.The service allows enterprises to define the criteria for acceptably safe partner applications to connect to the enterprise and meet compliance requirements, and directs partners and vendors to a Cenzic-hosted application scanning portal for workflow-driven self-service certification. By creating a custom scanning portal, Cenzic guides partners through the process of certifying the applications they integrate with on your website to ensure they meet pre-defined security standards.

"Virtually every enterprise is part of a vast supply chain that involves many participants. Yet, most of these organizations build their cyber security defenses as if they are islands," said Bala Venkat, Chief Marketing Officer (CMO) of Cenzic."Today, enterprises must go beyond their own internal firewalls and look more closely at the shared infrastructure. Cenzic PASSTMoffers enterprises a new,customizable approach to manage online risk and certify the security standards of their partner applications,benefiting both the enterprise and the partner in the face of malicious attacks."

Cenzic PASSTM offers a full suite of services including:

• Accurate cloud-based scanning servicesto test the vulnerabilities in integrated partner applications.

• Consulting Services to help definethe application security certification standards needed by partners.

• Customization of portal, policy, database, and all automated emails that usher application owners through certification.

• An Administration Dashboardthat displays the scanningstatus and allows you to efficiently manage outcomes.

• Detailed Vulnerability Reports sent to partners, who can then opt to work directly with Cenzic for any remediation.

Cenzic's partner and vendor application security service provides a cost-effective and efficient certification process ensuring that all third-party applications integrated with an enterprise have minimal vulnerabilities. As a result, business partners are able to maintain effective defenses, while interdependent systems and applications across the entire supply chain are completely secure.

Cenzic PASS is immediately available. For more information, please visit: https://www.cenzic.com/solutions/supply-chain-web-application-security/index.html

About Cenzic

Cenzic provides the leading application security intelligence platform to continuously assess Cloud, Mobile and Web applications to reduce online security risk. Cenzic's solutions scale from single applications to enterprise-level deployments with hybrid approaches that enable testing of applications at optimal levels. Cenzic helps brands of all sizes protect their reputation and manage security risk in the face of malicious attacks. Cenzic's solutions are used in all parts of the software development lifecycle, and most importantly in production, to protect against new threats even after the application has been deployed. Cenzic's application security intelligence platform is architected to handle web, cloud and mobile applications and is the first to provide risk reduction recommendations for business, application developers and specific applications. Today, Cenzic secures more than half a million online applications and trillions of dollars of commerce for Fortune 1000 companies, all major security companies, government agencies, universities and SMBs. More information about Cenzic can be found atwww.cenzic.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2037
Published: 2014-11-26
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466.

CVE-2014-6609
Published: 2014-11-26
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

CVE-2014-6610
Published: 2014-11-26
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dia...

CVE-2014-7141
Published: 2014-11-26
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.

CVE-2014-7142
Published: 2014-11-26
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?