
Web Application Security Newsletter - December 2006
A MESSAGE FROM THE EDITOR - With this issue, we close 2006 with a mix of articles that reflect the current trends in web application security and an indication of where we are headed in the coming year. We have witnessed a steady increase in attacks against web applications, and many smaller businesses and individuals are now being targeted more frequently. Findings suggest that up to 69% of attacks occur against web applications. As one of our featured articles this month points out, "Bad guys target wherever they can get money." Cenzic is staying ahead of this disturbing trend with its latest product offerings, Hailstorm Starter and Hailstorm Core, designed specifically to assess and secure small to midsized enterprises. Another featured article addresses concerns about the latest FFIEC guidelines for online banking, and why financial institutions need to go beyond stronger authentication to protect online customers.
1. SANS Top-20 Internet Security Attack Targets (2006 Annual Update)
Increasing attacks against web applications are a major trend
Cenzic has unveiled Hailstorm Enterprise ARC (Application Risk Controller), its first product to address application security assessment across the enterprise. According to the latest Symantec Threat Report, 59% of total vulnerabilities relate to web applications. The product simplifies ongoing application testing and application vulnerability management and provides a valuable solution to business risk management. Featuring an intelligent dashboard, the product gives companies the ability to automatically discover and inventory applications and provides a comprehensive view of their application security status.
2. InfoWorld Recognizes Cenzic as Leading Application Security Vendor in Security Special Report Issue
Hailstorm Professional receives the highest ranking
Hailstorm beats out competitive offerings with a score of 8.8 in a recent InfoWorld Security Special Report that covers the latest technology products and services. Described by InfoWorld as an "easy-to-use yet powerful tool," Hailstorm was the only product to be awarded an Excellent rating in the application security category. Cenzic is the only company in the industry to provide web application security solutions for organizations of any size.
3. Small companies ignorant of security?
Bad guys target wherever they can get money
Speaking at a recent IT security event in London, former White House Security Advisor Howard Schmidt warned that all businesses increase their vulnerability to becoming cybercrime victims by not taking proper security precautions. He noted that small businesses with limited staffing resources often do not have the time to devote to cybersecurity issues. Schmidt stressed that application software should have security built in from the beginning and that small to mid-sized enterprises must take security into account in their planning.
4. Cenzic Research Lab Identifies Top Five Critical Web Application Vulnerabilities for October
CIA Lab recommends steps to protect against October's Top Five
Cenzic's Intelligent Analysis (CIA) research lab recently announced the top five most serious web application vulnerabilities for October 2006. The team evaluates a range of newly discovered vulnerabilities and prioritizes them based on their potential to impact regulatory compliance, internal policy compliance, information privacy, and financial losses. This information is released monthly or bi-monthly and can be used as a first step by businesses to address their web application security. Read about these top five high-risk security issues.
5. Federal Rules May Not Fully Secure Online Banking Sites
Strong authentication is no silver bullet
IT managers and analysts recently advised financial institutions to look beyond federal guidelines on end-user authentication to strengthen their online security. The FFIEC guidelines go into effect on January 1. The guidelines, issued last year, call on banks and credit unions to adopt so-called stronger authentication measures to protect customers against online fraud. According to a credit union executive, strong authentication is "no silver bullet." An analyst notes that online fraudsters have already found a way to break the one-time passwords that some banks are using as a second form of authentication.
6. Security Solutions on Tap at Cenzic
Newest offerings provide security solutions for small businesses
Hailstorm Starter and Hailstorm Core are Cenzic's newest offerings designed to deliver security assessment solutions for small to midsized enterprises. Both products can be downloaded from Cenzic's web site at www.cenzic.com. Web applications are increasingly targeted by attackers, and companies of all sizes must be aware of their potential vulnerabilities. Hailstorm Starter supports instant, interactive assessments. Hailstorm Core tests and monitors applications for specific vulnerabilities. Hailstorm Starter is free, and Hailstorm Core is available for purchase.
