Cenzic Mobile is Named a SIIA Software CODiE Award Finalist!

We’re excited to announce that the Software & Information Industry Association (SIIA) has named our Cenzic Mobile service a finalist in its coveted CODiE Awards in the Best Mobile Development Solution category! The CODiE awards are renowned in the software and information industries and have been around for 27 years. This recognition of Cenzic Mobile as a finalist is further market validation of Cenzic and Cenzic Mobile’s product innovation, vision, and industry impact.

 


Launched a little over a year ago, our Cenzic Mobile service scans and analyzes mobile applications and detects vulnerabilities in critical areas, including input validation, authentication mechanisms, session security, encryption usage and policy compliance. The number of mobile applications developed today is staggering, which presents a new set of security challenges with rapidly changing threat vectors. We recommend that enterprises implement continuous mobile application security assessments to protect and ensure the highest levels of application integrity.

Check out the press release we issued last week and visit SIIA CODiE Awards for the list of finalists in all categories. Member voting is underway as we speak and the award winners will be announced on May 8th.

Cenzic Wins 3 Awards at RSA Conference 2013

Cenzic’s goal is to provide customers with solutions that reduce application security vulnerabilities and risks. Over the years, Cenzic has succeeded at this mission and earned industry awards. The most recent recognition came at RSA Conference 2013 where Cenzic earned not one, not two, but three Info Security Global Excellence Awards.

Info Security Products Guide Gold Award

CENZIC MANAGED CLOUD
Best Cloud Security Service

Info Security Products Guide Bronze Award

CENZIC, INC.
Best Overall Security Company of the Year

Info Security Products Guide Bronze Award

CENZIC ENTERPRISE
Best Web Application Security Product

Visit the Info Security Products Guide Awards page to see the list of honorees in all categories.

Info Security Products Guide runs a tough competition. More than 50 judges from a broad spectrum of industry voices from around the world participated, and their average scores determined the 2013 Global Excellence Awards Finalists and Winners.

Cenzic is honored to be recognized by Info Security Products Guide with 3 awards at RSA Conference 2013.

New Video: Cenzic Integration with F5 BIG-IP ASM for Complete Website Protection

Check out this new video from our friends at F5 Networks. In a few short minutes you’ll see how BIG-IP ASM integrates with Cenzic for complete website protection.

 

F5 Networks’ BIG-IP Application Security Manager (ASM) is a web application firewall (WAF) that protects critical applications from the most advanced threats.

By integrating Cenzic’s continuous online application testing capabilities with F5 BIG-IP ASM, vulnerabilities are immediately blocked as they are identified. This means that your organization remains protected and in compliance without interruption to business, and application vulnerabilities can be fixed in a resource-efficient manner.

Should SMBs worry about Web application security?

Let’s say that you are an owner of an SMB, you have a website that gets modest traffic, most of which you determine are your existing or potential customers. They browse your wares and offerings, and can purchase them directly through your website.

Let’s also say that security for your company’s website really hasn’t been one of your major concerns. You think to yourself, “Why should it be?” You service a small, yet steadily growing user-base. You don’t think you would be on a hacker’s radar for a million years.

You are one of the little guys, right? Why would a hacker target you? Why would they go after your assets or customers when there are much bigger fish to fry?

The cold hard truth is that hacking isn’t like it used to be. It’s not one kid going after a particular site, trying to break through firewalls to poke and prod around to find some secret military installation or the like.

Today, a majority of hackers, if not all, are using programs that automate their attacks. They use networks upon networks of hijacked “zombie” machines to do the dirty work by probing the Internet 24 hours a day, seven days a week looking for common Web application vulnerabilities. And they don’t discern between the sizes of a business—be it large or small. Every online business has the potential to make them money now, or down the road if they can get through the defenses.

They are looking to do one of two things: smash and grab (passwords, credit cards, user names, user data, etc.) or establish a long-standing foothold where they add hidden code that infects every one of your site’s visitors—every time they visit your site!

Did you know that every month security researchers find over 400 new common vulnerabilities that can be exploited by hackers? Over 400! Every month! That’s almost 5000 new “COMMON” vulnerabilities a year!

If you aren’t scrubbing and evaluating your site during production, before it goes live and every few months, you are just giving away the farm. It may not be today, but it will happen and it could put you out of business. And as your business grows, you will become increasingly dependent on Web applications. If you take the necessary steps to institute a prevention plan now, you will be protecting your own business and your number one asset—your customers.

You may think you cannot afford it, but just so you know, Cenzic provides a free evaluation of Hailstorm, our pro-level evaluation software.

With Hailstorm Pro you can:

  • Test attack resistance, regulatory compliance and conformance with internal security policies all from your own desktop,
  • Detect more vulnerabilities and reduce false positives with Stateful Assessment™ technology,
  • Schedule assessments while applications are running, with no downtime, and
  • Reduce costs with automated penetration testing for both commercial and custom applications.

Do you and your customers a favor and try a free week of Hailstorm Pro…it’s on us.

Amidst the Mobile Pickpockets, Don’t Forget to Guard the Vault


Much has been written recently about mobile security: mobile apps surreptitiously uploading users’ contacts, the increase in Android malware, pirated apps adding bogus SMS charges, and of course everything Apple is doing to secure their platform – sandboxing, MDM, application access control and security certificates. There are public cries for one-click kill commands that would enable VIPs to delete their contact list in an emergency, insistence on greater control of the distribution of Android applications, and calls for oversight of app developers who may help themselves to more information than their users realize.

Unfortunately, the industry’s current mobile security focus is like guarding against pickpockets while the bank vaults go unprotected. The attention is riveted on device-centric hacks; hacks that, for the most part, rely on many individuals being infected or duped to succeed. And while, as a consumer and the head of a security company, I applaud all security measures, I’d like to point out that the pot of gold for any motivated hacker is not mobile devices but the backend data and systems they connect to.

If you were a profiteering hacker, where would you aim your sights? Do you want Joe User’s address book, or the backup database with everyone’s address book? Would you make more hijacking mobile credit card transactions one at a time, or hacking a mobile payments authentication and verification database? Sure, it’s a more complex hack, but the payoff is exponential. So while I agree that finding and fixing vulnerabilities in mobile devices is important, I want to make sure it’s clear that it’s all for naught unless the vulnerabilities in the mobile application and how they communicate with the backend are also found, fixed, and monitored for new vulnerabilities.

Most experts agree that over the course of 2011 mobile attacks and malware became more sophisticated. Even still, many of us agree that we’ve only seen the first act. As mobile apps proliferate and mobile hackers gain experience and sophistication, there will be an increase in attacks focused on the big vaults of data, not just the individual pockets.

Cenzic actually has put its money where my mouth is on this. We’ve released our new application security intelligence service mobile offering that focuses on finding mobile app and backend vulnerabilities. More about our product here.

 

Cenzic + WAF = Intelligent Blocking


We have been getting a lot of questions about how to automate online app protection. There are a number of ways to do this, but an easy one is integrating Cenzic with your Web application firewall (WAF).

By integrating Cenzic’s continuous online application testing capabilities into a WAF, online app scans can be automatically run through the WAF using Cenzic’s cloud solution. Integrated WAF/Cenzic solutions (like Barracuda, Citrix, F5, Imperva and Trustwave) ensure that vulnerabilities are immediately blocked as they are identified. This means that your organization remains protected and in compliance without interruption to business, and code can be fixed in a resource-efficient manner.