5/30/2013
11:13 AM
Dark Reading
Products and Releases

Cenzic Launches Outsourced Service For Web Application Security Assessment

Offering includes four levels of service, including a compliance-ready assessment available for all types of organizations

SecureWorld Expo – Atlanta, GA – May 30, 2013 – Cenzic, the leading provider of application security intelligence to reduce security risks, today announced that it has expanded its Cenzic Managed Services for Enterprise Application Security. The expanded enterprise-class managed service offering includes four levels of service including a special compliance-ready assessment available for all types of organizations. Available immediately, Cenzic's managed service offers Fortune 500 companies the confidence that their applications are continuously secured during all stages of the software development lifecycle by Cenzic's expert team of professionals.

"The lines between web, cloud, and mobile are blurring, resulting in new, sophisticated and continuously changing online threat vectors. Today, enterprises simply do not have the luxury of investing specialized resources, time and budget to set up and manage dedicated security systems on a daily basis while trying to focus on their core business," said Bala Venkat, Chief Marketing Officer (CMO) of Cenzic. "Our Cenzic Managed Services offering takes the burden of maintaining application security off of enterprises, giving them the most comprehensive solution available today for application security testing, operated by Cenzic's seasoned security team. This managed offering helps lower capital expenditures and operating costs, while also allowing enterprises the assurance they are keeping up with the latest security threats to their business."

Powered by Hailstorm, Cenzic's new offering is a managed service that offers a range of cloud, mobile and web application assessments remotely – no software, no hardware and no installation needed. With Cenzic Managed Services for Enterprises, Cenzic's security experts can remotely perform full vulnerability testing on cloud, mobile and web applications with minimal resources and budget, while supporting security risk management throughout the software development lifecycle. After application vulnerabilities are identified, Cenzic's managed service provides risk mitigation recommendations to protect data and meet compliance requirements.

Cenzic Managed Services for Enterprise Application Security offers a full suite of services including:

• Secure Code & Analysis – Inspects and analyzes software code during development and finds errors and potential vulnerabilities without running the code.

• Development & Pre-Production Scanning – Tests the applications in development and staging environment as part of the software development lifecycle (SDLC).

• Manual Penetration Testing – Cenzic's professional security team will perform in-depth and customized testing for specific applications.

• Safe Production Application Testing – Tests all web applications, web services and legacy applications in a safe manner, without impacting the production environment.

• Production Application Real-Time Monitoring and Web Application Firewall (WAF) Integration – Offers real-time monitoring of web applications in production, providing results in real-time to the WAF; automates the security policies to protect applications from the vulnerabilities detected.

• Mobile Application Testing – Cenzic can test the vulnerabilities in applications that have mobile connections.

Cenzic's managed service offering is simple to deploy and makes application security testing a worry-free process. Without any software or hardware to deploy or in-house resources needed, this managed service allows organizations to focus on growing their business while reducing their operational and overhead costs.

About Cenzic

Cenzic provides the leading application security intelligence platform to continuously assess Cloud, Mobile and Web applications to reduce online security risk. Cenzic's solutions scale from single applications to enterprise-level deployments with hybrid approaches that enable testing of applications at optimal levels. Cenzic helps brands of all sizes protect their reputation and manage security risk in the face of malicious attacks. Cenzic's solutions are used in all parts of the software development lifecycle, and most importantly in production, to protect against new threats even after the application has been deployed. Cenzic's application security intelligence platform is architected to handle web, cloud and mobile applications and is the first to provide risk reduction recommendations for business, application developers and specific applications. Today, Cenzic secures more than half a million online applications and trillions of dollars of commerce for Fortune 1000 companies, all major security companies, government agencies, universities and SMBs. More information about Cenzic can be found at www.cenzic.com.
