SANTA CLARA, Calif. -- Cenzic Inc., a leader in Web application security assessment and risk-management, today announced its solutions for the virtualization arena with the integration of its flagship product line, Cenzic Hailstorm® Enterprise ARC (Application Risk Controller) with VMware Lab Manager and VMware Virtual Center. Cenzic is the first company to allow automated security assessment of Web applications in production through virtualization.
Additional features in Hailstorm Enterprise ARC 5.5 include major enhancements to compliance reporting, in which users generate assessment reports based on specific regulations such as PCI, GLBA, HIPAA, or AB 1950, and to the risk management dashboard, which now enables users to sort their vulnerabilities by HARM, a quantitative score which lets users easily see which vulnerabilities have the highest risk. The release also includes many features to enhance the user experience and tighten integration with other application security solutions. Many of these features will also be supported in Hailstorm Professional 5.5.
Most Web application testing occurs at the development or quality assurance stages. But because security testing on deployed Web applications can put data at risk of corruption, testing production Web applications is often avoided. This leaves applications exposed to vulnerabilities that have emerged since the application was initially tested.
"Roughly 90 percent of Web applications are in production at any given point, and these applications are exposed and vulnerable to hackers," said John Weinschenk, president and CEO of Cenzic. "Since application security assessment is an invasive process with the potential to corrupt databases and impair applications, security testing on deployed applications hasn't been a viable solution. Cenzic is helping its customers with a new approach by integrating the application security assessment solution with virtualization solutions from VMware. With this breakthrough solution, customers can not only test applications in development or Q.A. but truly through the entire software development lifecycle (SDLC) including operations."