Risk
5/30/2013
11:13 AM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Cenzic Launches Outsourced Service For Web Application Security Assessment

Offering includes four levels of service, including a compliance-ready assessment available for all types of organizations

SecureWorld Expo – Atlanta, GA –May 30, 2013 –Cenzic, the leading provider of application security intelligence to reduce security risks, today announced that it has expanded itsCenzic Managed Services for Enterprise Application Security. The expanded enterprise-class managed service offering includes four levels of service including a special compliance-ready assessment available for all types of organizations. Available immediately, Cenzic's managed service offers Fortune 500 companies the confidence that their applications are continuously secured during all stages of the software development lifecycle by Cenzic's expert team of professionals.

"The lines between web, cloud, and mobile are blurring, resulting in new, sophisticated andcontinuously changing online threat vectors. Today, enterprises simply do not have the luxury of investing specialized resources, time and budget to set up and manage dedicated security systems on a daily basis while tryingto focus on their core business," said BalaVenkat, Chief Marketing Officer (CMO) of Cenzic. "Our Cenzic Managed Services offering takes the burden of maintaining application security off of enterprises, giving them the most comprehensive solution available today for application security testing, operated by Cenzic's seasoned security team. This managed offering helps lower capital expenditures and operating costs, while also allowing enterprises the assurance they are keeping up with the latest security threats to their business."

Powered by Hailstorm, Cenzic's new offering is a managed service that offers a range of cloud, mobile and web application assessments remotely – no software, no hardware and no installation needed. With Cenzic Managed Services for Enterprises, Cenzic's security experts can remotely perform full vulnerability testing on cloud, mobile and web applications with minimal resources and budget, while supporting security risk management throughout the software development lifecycle. After application vulnerabilities are identified, Cenzic's managed service provides risk mitigation recommendations to protect data and meet compliance requirements.

Cenzic Managed Services for Enterprise Application Security offers a full suite of services including:

• Secure Code & Analysis –Inspects and analyzes software code during development and finds errors and potential vulnerabilities without running the code.

• Development & Pre-Production Scanning – Tests the applications in development and staging environment as part of the software development lifecycle (SDLC).

• Manual Penetration Testing – Cenzic's professional security team will perform in-depth and customized testing for specific applications.

• Safe Production Application Testing – Tests all web applications, web services and legacy applications in a safe manner, without impacting the production environment.

• Production Application Real-Time Monitoring and Web Application Firewall (WAF) Integration– Offers real-time monitoring of web applications in production, providing results in real-time to the WAF; automates the security policies to protect applications from the vulnerabilities detected.

• Mobile Application Testing – Cenzic can test the vulnerabilities in applications that have mobile connections.

Cenzic's managed service offering is simple to deploy and makes application security testing a worry free process. Without any software or hardware to deploy or in-house resources needed, this managed service allows organizations to focus on growing their business while reducing their operational and overhead costs.

About Cenzic

Cenzic provides the leading application security intelligence platform to continuously assess Cloud, Mobile and Web applications to reduce online security risk. Cenzic's solutions scale from single applications to enterprise-level deployments with hybrid approaches that enable testing of applications at optimal levels. Cenzic helps brands of all sizes protect their reputation and manage security risk in the face of malicious attacks. Cenzic's solutions are used in all parts of the software development lifecycle, and most importantly in production, to protect against new threats even after the application has been deployed. Cenzic's application security intelligence platform is architected to handle web, cloud and mobile applications and is the first to provide risk reduction recommendations for business, application developers and specific applications. Today, Cenzic secures more than half a million online applications and trillions of dollars of commerce for Fortune 1000 companies, all major security companies, government agencies, universities and SMBs. More information about Cenzic can be found at www.cenzic.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4725
Published: 2014-07-27
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

CVE-2014-4726
Published: 2014-07-27
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.

CVE-2014-2363
Published: 2014-07-26
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

CVE-2014-2625
Published: 2014-07-26
Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.

CVE-2014-2626
Published: 2014-07-26
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.