Cenzic Mobile Wins Bronze in Security Software by Network Products Guide!

We’re proud to announce that Network Products Guide has named Cenzic Mobile a winner in its 8th Annual Hot Companies and Best Products Awards! Cenzic Mobile earned the Bronze award in the Security Software category.

The Cenzic Mobile service scans and analyzes mobile applications and detects vulnerabilities in critical areas, such as input validation, permissions policies, session security, encryption usage, policy compliance and many others.

Network Products Guide acknowledges that Cenzic is at the forefront of helping organizations secure mission-critical mobile applications that access sensitive information. Many mobile applications are vulnerable to attacks since they connect to databases on the backend. Cenzic’s mobile service provides application developers, security teams and IT operations personnel with insight across all mobile applications and backend services and recommendations for remediation of security risks. Because of its cloud-based delivery method, Cenzic is the only company in the market that can provide complete remote black box testing for mobile applications without requiring source code or binaries.

If you have a mobile application today or have one currently in development, contact Cenzic to learn more about Cenzic Mobile.

 

Cenzic Webinar on May 23: Top 10 Ways to Win Budget for Application Security

Watch Now!

Did you miss the live webinar? No problem. The webinar recording and slides are now available.

 

Webinar: May 23. Register Now!

Join Cenzic for a live webinar on Thursday, May 23 at 11am Pacific (2pm Eastern): “Top 10 Ways to Win Budget for Application Security.”

Security analysts and developers often recognize the need for application security tools, but have a hard time making the case to laymen budget holders. Even within IT organizations, existing spending patterns may starve application security. What to do? We will examine common scenarios, real-world examples, and offer data, reasoning and tactics to help you secure the resources you need for better online security.

Cenzic’s Chris Harget, a 15-year security industry veteran, will lead the webinar. Chris is leaving plenty of time to answer your security and budget-related questions.

Register now for “Top 10 Ways to Win Budget for Application Security.”

Application Security Services: When To Use Professional Services

Have you ever identified an urgent need for a security fix, but lacked a qualified team member to do it? Have you ever been handed a schedule so ambitious that it’s not physically possible for your team to complete it? Is it sometimes easier to get a temporary budget increase than add a permanent headcount? These are all scenarios that cry out for application security services from Cenzic’s Professional Services Team. While most people know that Cenzic Managed Cloud includes our experts who will run application vulnerability scans for you, and report back the results, that’s just the tip of the Cenzic Professional Services iceberg.

Here are some recent examples of customers making novel and valuable use of Cenzic Professional Services.

  • A Fortune 100 Commercial Banking and Services company with more than $100 Billion in Assets needed to quickly begin scanning 110 applications. Cenzic Professional Services did a custom onboarding engagement, training each app traversal so that the Bank’s IT Security Analysts could then run scans themselves using Cenzic Enterprise software. This met their timeline needs, and kept the scanning results in-house, per their corporate policy.
  • A global NGO with thousands of web sites needed a Methodology Assessment of their security posture, and real-world training of their developers to minimize vulnerabilities in code. Cenzic Professional Services did a 3-day engagement with their application developers. Cenzic PS reviewed with them the 10 most common vulnerabilities in the wild, finding examples in their production applications. Cenzic PS demonstrated on a live demo site how a hacker could exploit those specific types of vulnerabilities, then reviewed coding best practices to completely eliminate said vulnerabilities.
  • A high technology company with a mobile application that accessed sensitive customer data didn’t know how to assess it for vulnerabilities. Cenzic Mobile Scan service performed a dynamic analysis by placing a proxy in the line to the mobile app, which allowed technicians to replay various attacks, and coupled it with a thorough forensic analysis of the application on the device to identify vulnerabilities that exposed customer data.
  • A Health Maintenance Organization needed a deep scan of a new application on a tight development schedule to ensure compliance. Cenzic PS performed Manual Penetration testing along with the comprehensive vulnerability scanning to provide a very thorough scan which could suffice for any compliance or audit need.

Keep in mind that your goal is online security, and there are many ways to achieve that goal whether it is self-service, managed services, or a hybrid in between. Cenzic experts would love to help.

Cenzic Application Vulnerability Trends Report 2013 Now Available

99% of Tested Applications Have Vulnerabilities

Cenzic’s analysis finds that in 2013 application vulnerabilities are all too common. 99% of tested applications have one or more vulnerabilities. And with a median number of vulnerabilities per app of 13, it’s no wonder that application-level attacks are a focus for bad actors. The full report is available for download at no charge.

Vulnerabilities come in many different forms. The chart below shows that Cross Site Scripting (XSS) continues to be the most common class of application vulnerability.

2013 Application Vulnerability Trends

Summary Statistics: 2013 Application Vulnerability Population

The chart also shows that many classes of vulnerabilities exist in current applications and pose risks to companies along with their customers, employees and supply chain partners. While the distribution of specific vulnerability classes for 2013 is different from previous years, multiple variants of all classes continue to be detected in production apps.

Based on data collected by the Cenzic Managed Security team, the Cenzic Application Vulnerability Trends Report 2013 shares details about the kind, frequency and severity of vulnerabilities that will be found in production applications in 2013.

The time to act is now. Download the report today and learn about the current application vulnerabilities and risk landscape. And more importantly, use the report and its shocking findings as a motivation to improve your application security posture.

Cenzic Wins 3 Awards at RSA Conference 2013

Cenzic’s goal is to provide customers with solutions that reduce application security vulnerabilities and risks. Over the years, Cenzic has succeeded at this mission and earned industry awards. The most recent recognition came at RSA Conference 2013 where Cenzic earned not one, not two, but three Info Security Global Excellence Awards.

Info Security Products Guide Gold Award

CENZIC MANAGED CLOUD
Best Cloud Security Service

Info Security Products Guide Bronze Award

CENZIC, INC.
Best Overall Security Company of the Year

Info Security Products Guide Bronze Award

CENZIC ENTERPRISE
Best Web Application Security Product

Visit the Info Security Products Guide Awards page to see the list of honorees in all categories.

Info Security Products Guide runs a tough competition. More than 50 judges from a broad spectrum of industry voices from around the world participated, and their average scores determined the 2013 Global Excellence Awards Finalists and Winners.

Cenzic is honored to be recognized by Info Security Products Guide with 3 awards at RSA Conference 2013.

New Video: Cenzic Integration with F5 BIG-IP ASM for Complete Website Protection

Check out this new video from our friends at F5 Networks. In a few short minutes you’ll see how BIG-IP ASM integrates with Cenzic for complete website protection.

 

F5 Networks’ BIG-IP Application Security Manager (ASM) is a web application firewall (WAF) that protects critical applications from the most advanced threats.

By integrating Cenzic’s continuous online application testing capabilities with F5 BIG-IP ASM, vulnerabilities are immediately blocked as they are identified. This means that your organization remains protected and in compliance without interruption to business, and application vulnerabilities can be fixed in a resource-efficient manner.