Risk
5/30/2013
11:13 AM
Dark Reading
Products and Releases

Cenzic Launches Outsourced Service For Web Application Security Assessment

Offering includes four levels of service, including a compliance-ready assessment available for all types of organizations

SecureWorld Expo – Atlanta, GA – May 30, 2013 – Cenzic, the leading provider of application security intelligence to reduce security risks, today announced that it has expanded its Cenzic Managed Services for Enterprise Application Security. The expanded enterprise-class managed service offering includes four levels of service including a special compliance-ready assessment available for all types of organizations. Available immediately, Cenzic's managed service offers Fortune 500 companies the confidence that their applications are continuously secured during all stages of the software development lifecycle by Cenzic's expert team of professionals.

"The lines between web, cloud, and mobile are blurring, resulting in new, sophisticated and continuously changing online threat vectors. Today, enterprises simply do not have the luxury of investing specialized resources, time and budget to set up and manage dedicated security systems on a daily basis while trying to focus on their core business," said Bala Venkat, Chief Marketing Officer (CMO) of Cenzic. "Our Cenzic Managed Services offering takes the burden of maintaining application security off of enterprises, giving them the most comprehensive solution available today for application security testing, operated by Cenzic's seasoned security team. This managed offering helps lower capital expenditures and operating costs, while also allowing enterprises the assurance they are keeping up with the latest security threats to their business."

Powered by Hailstorm, Cenzic's new offering is a managed service that offers a range of cloud, mobile and web application assessments remotely – no software, no hardware and no installation needed. With Cenzic Managed Services for Enterprises, Cenzic's security experts can remotely perform full vulnerability testing on cloud, mobile and web applications with minimal resources and budget, while supporting security risk management throughout the software development lifecycle. After application vulnerabilities are identified, Cenzic's managed service provides risk mitigation recommendations to protect data and meet compliance requirements.

Cenzic Managed Services for Enterprise Application Security offers a full suite of services including:

• Secure Code & Analysis – Inspects and analyzes software code during development and finds errors and potential vulnerabilities without running the code.

• Development & Pre-Production Scanning – Tests the applications in development and staging environment as part of the software development lifecycle (SDLC).

• Manual Penetration Testing – Cenzic's professional security team will perform in-depth and customized testing for specific applications.

• Safe Production Application Testing – Tests all web applications, web services and legacy applications in a safe manner, without impacting the production environment.

• Production Application Real-Time Monitoring and Web Application Firewall (WAF) Integration – Offers real-time monitoring of web applications in production, providing results in real-time to the WAF; automates the security policies to protect applications from the vulnerabilities detected.

• Mobile Application Testing – Cenzic can test the vulnerabilities in applications that have mobile connections.

Cenzic's managed service offering is simple to deploy and makes application security testing a worry-free process. Without any software or hardware to deploy or in-house resources needed, this managed service allows organizations to focus on growing their business while reducing their operational and overhead costs.

About Cenzic

Cenzic provides the leading application security intelligence platform to continuously assess Cloud, Mobile and Web applications to reduce online security risk. Cenzic's solutions scale from single applications to enterprise-level deployments with hybrid approaches that enable testing of applications at optimal levels. Cenzic helps brands of all sizes protect their reputation and manage security risk in the face of malicious attacks. Cenzic's solutions are used in all parts of the software development lifecycle, and most importantly in production, to protect against new threats even after the application has been deployed. Cenzic's application security intelligence platform is architected to handle web, cloud and mobile applications and is the first to provide risk reduction recommendations for business, application developers and specific applications. Today, Cenzic secures more than half a million online applications and trillions of dollars of commerce for Fortune 1000 companies, all major security companies, government agencies, universities and SMBs. More information about Cenzic can be found at www.cenzic.com.
