Risk
5/30/2013
11:13 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Cenzic Launches Outsourced Service For Web Application Security Assessment

Offering includes four levels of service, including a compliance-ready assessment available for all types of organizations

SecureWorld Expo – Atlanta, GA –May 30, 2013 –Cenzic, the leading provider of application security intelligence to reduce security risks, today announced that it has expanded itsCenzic Managed Services for Enterprise Application Security. The expanded enterprise-class managed service offering includes four levels of service including a special compliance-ready assessment available for all types of organizations. Available immediately, Cenzic's managed service offers Fortune 500 companies the confidence that their applications are continuously secured during all stages of the software development lifecycle by Cenzic's expert team of professionals.

"The lines between web, cloud, and mobile are blurring, resulting in new, sophisticated andcontinuously changing online threat vectors. Today, enterprises simply do not have the luxury of investing specialized resources, time and budget to set up and manage dedicated security systems on a daily basis while tryingto focus on their core business," said BalaVenkat, Chief Marketing Officer (CMO) of Cenzic. "Our Cenzic Managed Services offering takes the burden of maintaining application security off of enterprises, giving them the most comprehensive solution available today for application security testing, operated by Cenzic's seasoned security team. This managed offering helps lower capital expenditures and operating costs, while also allowing enterprises the assurance they are keeping up with the latest security threats to their business."

Powered by Hailstorm, Cenzic's new offering is a managed service that offers a range of cloud, mobile and web application assessments remotely – no software, no hardware and no installation needed. With Cenzic Managed Services for Enterprises, Cenzic's security experts can remotely perform full vulnerability testing on cloud, mobile and web applications with minimal resources and budget, while supporting security risk management throughout the software development lifecycle. After application vulnerabilities are identified, Cenzic's managed service provides risk mitigation recommendations to protect data and meet compliance requirements.

Cenzic Managed Services for Enterprise Application Security offers a full suite of services including:

• Secure Code & Analysis –Inspects and analyzes software code during development and finds errors and potential vulnerabilities without running the code.

• Development & Pre-Production Scanning – Tests the applications in development and staging environment as part of the software development lifecycle (SDLC).

• Manual Penetration Testing – Cenzic's professional security team will perform in-depth and customized testing for specific applications.

• Safe Production Application Testing – Tests all web applications, web services and legacy applications in a safe manner, without impacting the production environment.

• Production Application Real-Time Monitoring and Web Application Firewall (WAF) Integration– Offers real-time monitoring of web applications in production, providing results in real-time to the WAF; automates the security policies to protect applications from the vulnerabilities detected.

• Mobile Application Testing – Cenzic can test the vulnerabilities in applications that have mobile connections.

Cenzic's managed service offering is simple to deploy and makes application security testing a worry free process. Without any software or hardware to deploy or in-house resources needed, this managed service allows organizations to focus on growing their business while reducing their operational and overhead costs.

About Cenzic

Cenzic provides the leading application security intelligence platform to continuously assess Cloud, Mobile and Web applications to reduce online security risk. Cenzic's solutions scale from single applications to enterprise-level deployments with hybrid approaches that enable testing of applications at optimal levels. Cenzic helps brands of all sizes protect their reputation and manage security risk in the face of malicious attacks. Cenzic's solutions are used in all parts of the software development lifecycle, and most importantly in production, to protect against new threats even after the application has been deployed. Cenzic's application security intelligence platform is architected to handle web, cloud and mobile applications and is the first to provide risk reduction recommendations for business, application developers and specific applications. Today, Cenzic secures more than half a million online applications and trillions of dollars of commerce for Fortune 1000 companies, all major security companies, government agencies, universities and SMBs. More information about Cenzic can be found at www.cenzic.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4467
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.

CVE-2014-4476
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4477
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4479
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4480
Published: 2015-01-30
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.