Risk
5/30/2013
11:13 AM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Cenzic Launches Outsourced Service For Web Application Security Assessment

Offering includes four levels of service, including a compliance-ready assessment available for all types of organizations

SecureWorld Expo – Atlanta, GA –May 30, 2013 –Cenzic, the leading provider of application security intelligence to reduce security risks, today announced that it has expanded itsCenzic Managed Services for Enterprise Application Security. The expanded enterprise-class managed service offering includes four levels of service including a special compliance-ready assessment available for all types of organizations. Available immediately, Cenzic's managed service offers Fortune 500 companies the confidence that their applications are continuously secured during all stages of the software development lifecycle by Cenzic's expert team of professionals.

"The lines between web, cloud, and mobile are blurring, resulting in new, sophisticated andcontinuously changing online threat vectors. Today, enterprises simply do not have the luxury of investing specialized resources, time and budget to set up and manage dedicated security systems on a daily basis while tryingto focus on their core business," said BalaVenkat, Chief Marketing Officer (CMO) of Cenzic. "Our Cenzic Managed Services offering takes the burden of maintaining application security off of enterprises, giving them the most comprehensive solution available today for application security testing, operated by Cenzic's seasoned security team. This managed offering helps lower capital expenditures and operating costs, while also allowing enterprises the assurance they are keeping up with the latest security threats to their business."

Powered by Hailstorm, Cenzic's new offering is a managed service that offers a range of cloud, mobile and web application assessments remotely – no software, no hardware and no installation needed. With Cenzic Managed Services for Enterprises, Cenzic's security experts can remotely perform full vulnerability testing on cloud, mobile and web applications with minimal resources and budget, while supporting security risk management throughout the software development lifecycle. After application vulnerabilities are identified, Cenzic's managed service provides risk mitigation recommendations to protect data and meet compliance requirements.

Cenzic Managed Services for Enterprise Application Security offers a full suite of services including:

• Secure Code & Analysis –Inspects and analyzes software code during development and finds errors and potential vulnerabilities without running the code.

• Development & Pre-Production Scanning – Tests the applications in development and staging environment as part of the software development lifecycle (SDLC).

• Manual Penetration Testing – Cenzic's professional security team will perform in-depth and customized testing for specific applications.

• Safe Production Application Testing – Tests all web applications, web services and legacy applications in a safe manner, without impacting the production environment.

• Production Application Real-Time Monitoring and Web Application Firewall (WAF) Integration– Offers real-time monitoring of web applications in production, providing results in real-time to the WAF; automates the security policies to protect applications from the vulnerabilities detected.

• Mobile Application Testing – Cenzic can test the vulnerabilities in applications that have mobile connections.

Cenzic's managed service offering is simple to deploy and makes application security testing a worry free process. Without any software or hardware to deploy or in-house resources needed, this managed service allows organizations to focus on growing their business while reducing their operational and overhead costs.

About Cenzic

Cenzic provides the leading application security intelligence platform to continuously assess Cloud, Mobile and Web applications to reduce online security risk. Cenzic's solutions scale from single applications to enterprise-level deployments with hybrid approaches that enable testing of applications at optimal levels. Cenzic helps brands of all sizes protect their reputation and manage security risk in the face of malicious attacks. Cenzic's solutions are used in all parts of the software development lifecycle, and most importantly in production, to protect against new threats even after the application has been deployed. Cenzic's application security intelligence platform is architected to handle web, cloud and mobile applications and is the first to provide risk reduction recommendations for business, application developers and specific applications. Today, Cenzic secures more than half a million online applications and trillions of dollars of commerce for Fortune 1000 companies, all major security companies, government agencies, universities and SMBs. More information about Cenzic can be found at www.cenzic.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0607
Published: 2014-07-24
Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file.

CVE-2014-1419
Published: 2014-07-24
Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.

CVE-2014-2360
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.

CVE-2014-2361
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.

CVE-2014-2362
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.