Cenzic is the trusted provider of software, managed service, and cloud security products that help organizations secure their websites against hacker attacks. Cenzic focuses on Web application security, automating the process of identifying security defects at the Web application level where more than 75% of attacks occur, helping customers remediate those defects, manage risk, and comply with regulations such as PCI. Cenzic is unique in the industry in that its products are built on a non-signature-based patented technology. Cenzic solutions secure the websites of numerous F1000 companies including all major security companies, leading government agencies and universities.
Cenzic provides software and SaaS solutions for dynamic, black box testing of Web applications to protect your Website against hacker attacks. Built from the ground up on a completely different technology backbone than its competitors, Cenzic goes beyond signature-based tools to find more “real” vulnerabilities.
Product Suite Overview
Flexible product offering provides solutions to ever-changing needs.
Cenzic provides software and SaaS / Managed Service products to protect Websites against hacker attacks. Unlike network security and SSL solutions, Cenzic tests for security defects at the Web application level where over 75% of attacks occur.
As you’ll see from the product overview, you can use our SaaS / Managed Service product, Cenzic ClickToSecure Managed, to “jump start” your security posture in as little as one week by having Cenzic’s security experts test your Web apps remotely.
And if you would rather have an on-premises software product, use Cenzic Hailstorm to run your own assessments to find the latest security defects across the entire SDLC, including production.
Cenzic also offers a hybrid solution combining the Managed Service and software products. This approach is used by organizations that want to deploy software in-house but need to supplement their resources because of the large volume of Web applications. Both products are seamlessly integrated, and results are compiled in a Web-enabled, intelligent dashboard.
Cenzic Hailstorm Enterprise ARC
Enterprise software product that tests Website security. Supports security risk management throughout the SDLC using a role-based & scalable architecture, with results via a Web dashboard.
Cenzic ClicktoSecure Managed
Managed service offering where Cenzic security experts remotely perform full vulnerability testing on your Website. Ideal solution for companies with limited budget and/or resources.
Cenzic ClickToSecure Cloud
Full SaaS offering that allows users to test their own Websites for basic attacks & receive actionable results all within their own Web portal. No security experts needed.
Hybrid Solution
Technology Overview
Cenzic takes a unique approach to solving Web application security risk problems via its technology backbone and strong research team. Built from the ground up on an innovative technology we call Stateful Assessment™ (a Cenzic trademark), Cenzic’s product suite differs from any other Web application security solution.
Stateful Assessment
Cenzic’s technology goes beyond a signature-based approach by emulating a true hacker with a Stateful Assessment approach that maintains the state of the application while attacking it at the browser level. By using Mozilla to attack Web applications at the browser level, Cenzic finds all critical vulnerabilities, including application logic tests such as session hijacking, strong passwords and privacy policy validation, as well as all the core vulnerabilities like XSS, Buffer Overflow, SQL Disclosure, and others. And only Cenzic can test for vulnerabilities across all types of applications, including commercial and proprietary applications, Web infrastructure and all stages of a Web application.
This non-signature-based approach has made Cenzic solutions the most accurate in the industry, yielding few false positives and finding more “real” vulnerabilities.
HARM Score
The Cenzic HARM (Hailstorm Application Risk Metric) Score is a quantitative score for the risk associated with a Web application. Cenzic is the only company that prioritizes customers’ application vulnerabilities based on this unique scoring system, allowing you to prioritize and fix the big issues first.
The HARM score helps you better understand your applications’ risks, measure progress toward security goals such as protecting your brand or getting compliant with regulations, and also gives you a measurement of your security baseline. For a given application, the HARM score is calculated by a series of formulas that determine how vulnerabilities detected by a potential attack are weighted.
Your HARM base score sums both your applications’ total vulnerability profile and the vulnerabilities detected by a particular SmartAttack in each application, considering the following four areas:
- Application
- Session
- Browser
- Environment
A complexity factor is then applied that reflects the means by which the vulnerability may be exploited. For instance, simple attacks such as those performed in a browser or automated with publicly available tools are considered higher risk, in contrast with attacks that require custom-coded scripts.
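To make the structure of such a score concrete, here is an added example of a risk aggregator that follows the shape described above: findings are grouped into the four areas, each finding gets a base contribution, and a complexity factor raises the score of findings that are easier to exploit. This is illustrative code written for this page, not Cenzic’s HARM formula or product code; the area weights, the severity scale, the complexity factor values and the combination rule are all assumptions, and the sample findings are constructed.

```python
"""Illustrative risk-score aggregation modelled on the HARM score structure.

Added example, not Cenzic's formula: every numeric weight below is an
assumption chosen only so that the ordering matches the page's description
(easier-to-exploit findings score higher).
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List

# The four areas the page names. Weights are assumed for illustration.
AREA_WEIGHTS: Dict[str, float] = {
    "Application": 1.0,
    "Session": 0.9,
    "Browser": 0.7,
    "Environment": 0.6,
}

# Complexity factor: the easier a finding is to exploit, the higher the risk.
# Values are assumptions; only their ordering follows the page.
COMPLEXITY_FACTORS: Dict[str, float] = {
    "browser": 1.5,        # reproducible by hand in a browser
    "public_tool": 1.3,    # automated with publicly available tools
    "custom_script": 1.0,  # requires custom-coded scripts
}


@dataclass(frozen=True)
class Finding:
    """One vulnerability reported by a scan (hypothetical record format)."""
    name: str         # e.g. "XSS"
    area: str         # key of AREA_WEIGHTS
    severity: int     # assumed scale: 1 (low) .. 5 (critical)
    complexity: str   # key of COMPLEXITY_FACTORS


def finding_score(f: Finding) -> float:
    """Base contribution of one finding, scaled by its complexity factor."""
    if f.area not in AREA_WEIGHTS:
        raise ValueError(f"unknown area: {f.area}")
    if f.complexity not in COMPLEXITY_FACTORS:
        raise ValueError(f"unknown complexity: {f.complexity}")
    if not 1 <= f.severity <= 5:
        raise ValueError(f"severity out of range: {f.severity}")
    return f.severity * AREA_WEIGHTS[f.area] * COMPLEXITY_FACTORS[f.complexity]


def base_score(findings: Iterable[Finding]) -> float:
    """Application-level score: the sum over all findings."""
    return sum(finding_score(f) for f in findings)


def scores_by_area(findings: Iterable[Finding]) -> Dict[str, float]:
    """Breakdown per area, so a team can see where the risk concentrates."""
    totals = {area: 0.0 for area in AREA_WEIGHTS}
    for f in findings:
        totals[f.area] += finding_score(f)
    return totals


def prioritized(findings: Iterable[Finding]) -> List[Finding]:
    """Findings ordered so the biggest contributors come first."""
    return sorted(findings, key=finding_score, reverse=True)


# Constructed sample findings; names taken from the vulnerability classes
# the page lists, everything else is made up for the example.
SAMPLE_FINDINGS = [
    Finding("XSS", "Browser", 4, "browser"),
    Finding("SQL Disclosure", "Application", 5, "public_tool"),
    Finding("Session hijacking", "Session", 4, "custom_script"),
    Finding("Buffer Overflow", "Environment", 5, "custom_script"),
]


if __name__ == "__main__":
    print(f"base score: {base_score(SAMPLE_FINDINGS):.1f}")
    for area, total in scores_by_area(SAMPLE_FINDINGS).items():
        print(f"  {area:<12} {total:.1f}")
    print("fix first:")
    for f in prioritized(SAMPLE_FINDINGS):
        print(f"  {finding_score(f):.1f}  {f.name} ({f.complexity})")
```

The point the example makes is the one the passage makes: two findings of equal severity in the same area do not carry the same risk, because the one reproducible from a browser is multiplied by a larger complexity factor than the one that needs a custom script, and that difference is what drives the remediation order.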
Testing Production Applications
Cenzic is the only company that provides organizations with the ability to test deployed Web applications via virtualization (through an integration with VMware).
Current methods of addressing the application security problem focus on improving the security process within the software development lifecycle. Testing early in the development cycle has great merit, but it leaves production applications’ exposure unaddressed. Only a small percentage of Web applications are in the development or quality assurance stage at any point in time, leaving the vast majority of applications in production exposed and vulnerable. Remarkably, these are the applications that are tested the least, if at all.
By integrating with virtualization technology, including VMware Lab Manager and VMware VirtualCenter, developers are able to continuously test production applications in a virtual or “staging” environment without the risk of compromising the production environment. This not only helps organizations test all their applications but also allows them to continuously test Web applications for new application vulnerabilities, which are averaging more than 400 a month. When a vulnerability is identified, organizations can decide to fix the vulnerability and push the revised version into production, or take other measures such as configuring their application firewalls to prevent hackers from attacking the application.
