Cloud, Mobile and Web Application Security
Table of Contents

Cenzic Enterprise
Cenzic Desktop
Cenzic Managed Cloud
Cenzic Cloud
Cenzic Hybrid
Cenzic Mobile
Technology
Continuous Application Testing
Application Assessments
Attack Library
Robust, Easy Reporting
HARM Score
Web-Based Dashboard
Unified Architecture
Integration with Complementary Technologies
About Cenzic
Cenzic Enterprise

Cenzic Enterprise, powered by Hailstorm, is a software solution that assesses the security of Cloud and Web applications and supports security risk management throughout the software development lifecycle. Because Cenzic Enterprise can be used in all parts of the software development lifecycle, and most importantly in production, applications are protected against new threats even after being deployed. After application vulnerabilities are identified, Cenzic Enterprise provides risk mitigation recommendations to protect data and meet compliance requirements.

Cenzic Desktop

Cenzic Desktop is a single-user version of Cenzic Enterprise, a software solution that assesses the security of Cloud and Web applications and supports security risk management throughout the software development lifecycle. It is designed for the power user who wants to run security assessments on Cloud and Web applications from a single system. With Cenzic Desktop, applications can be continuously assessed to reduce online security risk. Because Cenzic Desktop can be used in all parts of the software development lifecycle, and most importantly in production, applications are protected against new threats even after being deployed. After application vulnerabilities are identified, Cenzic Desktop provides risk mitigation recommendations to protect data and meet compliance requirements.

Cenzic Managed Cloud

Cenzic Managed Cloud, powered by Hailstorm, is a managed service that offers a range of Cloud, Mobile and Web application assessments remotely: no software, no hardware and no installation needed. With Cenzic Managed Cloud, Cenzic's security experts remotely perform full vulnerability testing on Cloud, Mobile and Web applications with minimal resources and budget. Cenzic Managed Cloud, powered by Hailstorm, supports security risk management throughout the software development lifecycle.
Because Cenzic Managed Cloud can be used in all parts of the software development lifecycle, and most importantly in production, applications are protected against new threats even after being deployed. After application vulnerabilities are identified, Cenzic Managed Cloud provides risk mitigation recommendations to protect data and meet compliance requirements.

Cenzic Cloud

Cenzic Cloud allows users to test their Cloud and Web applications for basic attacks and receive actionable results, all within their own Web portal, with no security experts needed. It is the most cost-effective, easy-to-use and robust vulnerability assessment solution available. With Cenzic Cloud, applications can be continuously assessed to reduce online security risk. Because Cenzic Cloud can be used in all parts of the software development lifecycle, and most importantly in production, applications are protected against new threats even after being deployed. After application vulnerabilities are identified, Cenzic Cloud provides risk mitigation recommendations to protect data and meet compliance requirements.

Cenzic Hybrid

Cenzic Hybrid, powered by Hailstorm, is a combination of software and managed services for application security assessments. It allows users to run their own Cloud and Web application vulnerability assessments using software (Cenzic Enterprise) as well as leverage Cenzic's security experts using managed services (Cenzic Managed Cloud and/or Cenzic Mobile) to perform additional application vulnerability tests, including testing Mobile apps, when the need arises.
Cenzic Mobile

The Cenzic Mobile service extends application security to protect data on the latest online front. Since many mobile applications connect to databases on the backend, they are a target of hackers. Cenzic leverages its Hailstorm technology and more than a decade of application security experience to deliver services that analyze Mobile applications and detect vulnerabilities in critical areas, including input validation, authentication mechanisms, session security, encryption usage and policy compliance.

Technology

Cenzic Hailstorm was built from the ground up by Cenzic's engineering team and powers solutions that are different from other application security assessment products. Only Cenzic Hailstorm can test for vulnerabilities across all types of applications, including commercial and proprietary Cloud, Mobile and Web applications. In addition, only Cenzic Hailstorm allows organizations to test deployed applications using virtualization. Cenzic Hailstorm goes beyond a signature-based approach to application vulnerability assessment. Cenzic Hailstorm emulates a true hacker with its Stateful Assessment approach, which maintains the state of the application while attacking the application in production. This approach allows Cenzic Hailstorm to find all critical vulnerabilities with test results that are the most accurate in the industry, yielding fewer false positives and finding more real threats.

Continuous Application Testing

Due to the unceasing onslaught of hackers employing new methods to access organizations' valuable data, application security must be an ongoing effort. Effective application security is not a one-time event, but a discipline of testing and re-testing continuously throughout an application's lifecycle. Continuous testing is the only way to protect applications from the hundreds of new threats that come out every month.
Application Assessments

Cenzic users select the type of assessment needed for each application, such as PCI, OWASP Top 10, internal best practices and others. During the assessment, applications are crawled automatically or guided interactively by the user.

Attack Library

Cenzic's vulnerability discovery is driven by the Cenzic SmartAttacks library, which encapsulates best practices to test attack resistance, validate conformance to regulatory compliance and confirm internal security compliance.

Robust, Easy Reporting

With Cenzic, users can quickly and easily generate reports in a variety of formats, including PDF, Excel and Word. The reports include an application vulnerability summary, a total vulnerability risk score (HARM) and details on all the specific findings.
HARM Score

The Cenzic HARM score helps you better understand your applications' risks, measure progress toward security goals such as protecting your brand or getting compliant with regulations, and also gives you a measurement of your security baseline. For a given application, the HARM score is calculated by a series of formulas that determine how vulnerabilities detected by a potential attack are weighted. The HARM base score sums both the application's total vulnerability profile and the vulnerabilities detected by a particular SmartAttack in each application, considering the following four areas:

Application
Session
Browser
Environment

A complexity factor is applied to determine the means by which the vulnerability may be exploited. For instance, simple attacks such as those performed in a browser or automated with publicly available tools are considered higher risk. These are in contrast with attacks that require custom-coded scripts.

Web-Based Dashboard

The Cenzic dashboard provides a standardized platform to manage application security risk throughout the enterprise. Role-based visibility provides a company-wide view of security status to executives as well as customized views to other users. Access is managed through the dashboard to control permissions of users and govern application access. The dashboard is designed so that users do not need to be security experts to run application tests and pull reports from Cenzic. From an intuitive interface, users can quickly see applications tested, vulnerability trends, applications most at risk, and the performance of business units conducting assessments and remediation. The Cenzic dashboard also gives users a summary of testing results, including a prioritized listing of vulnerabilities based on Cenzic's quantitative risk scoring system (HARM) to show what needs fixing first. A Web-based dashboard of application vulnerabilities is accessible in real time to instantly show results and priorities for remediation.
Unified Architecture

Because all Cenzic products are built on the same Hailstorm technology platform, users can effortlessly transfer data between software deployments (Cenzic Enterprise and Cenzic Desktop) and cloud deployments (Cenzic Managed Cloud, Cenzic Cloud and Cenzic Mobile). Cenzic products can also be deployed in combination as Cenzic Hybrid (software and cloud). This deployment provides maximum flexibility, as users are able to perform vulnerability testing using the software on premise or by leveraging Cenzic's expert security services team.

Integration with Complementary Technologies

Cenzic's integration with related technologies helps users more quickly block and correct application vulnerabilities. Integration with WAF (web application firewall), SIEM (security information and event management), SDLC (software development lifecycle), GRC (governance, risk management, and compliance), QA tools and other technologies ensures that vulnerabilities can be identified and immediately addressed.

About Cenzic

Cenzic provides an application security intelligence platform to continuously assess Cloud, Mobile and Web vulnerabilities. This helps brands of all sizes protect their reputation and manage security risk in the face of malicious attacks. Today, Cenzic secures more than half a million online applications and trillions of dollars of commerce for Fortune 1000 companies, all major security companies, government agencies, universities and SMBs.

Cenzic, Inc.
1-866-4-CENZIC (1-866-423-6942)
request@cenzic.com
www.cenzic.com

2012 Cenzic, Inc. All rights reserved. Cenzic, Hailstorm, Stateful Assessment, HARM, and SmartAttack are registered trademarks of Cenzic, Inc.