Securing Enterprise Applications - Cenzic

SUPPORT

Product FAQs


1. What are your minimum system requirements?
2. How do I obtain a license for Cenzic Hailstorm?
3. Will running Cenzic Hailstorm bring down my server?
4. How do I integrate other products with Cenzic Hailstorm?
5. What report formats can I generate?
6. How do I run a job without having to be present at the console?
7. How do I test for vulnerabilities using a range of values?
8. Can I prevent the spider from going to certain parts of my site?
9. What is a policy? What is the SmartAttack Library™?

1. What are your minimum system requirements?

System Software Requirements

One of the following operating systems:

  • Windows 2000 Professional with Service Pack 4 or later
  • Windows XP Professional with Service Pack 2 or later
  • Windows 2003 server
  • Plus:
    • Microsoft .NET Framework 2.0
    • Microsoft Internet Information Server 5.0 or later

Hardware

  • Intel® Pentium® 4-compatible CPU or later, 2.0 GHz or faster
  • 2GB of RAM
  • 2GB of free hard disk space
  • Display capable of 1600x1200 resolution and 16-bit color

2. How do I obtain a license for Cenzic Hailstorm?

Licenses are distributed through digital license keys. Upon purchase of the product you should have received instructions on how to generate a request for a license. The product will not work without this license key. Contact technical support if you have not received a key or if you are unable to generate a license key request through the product.


3. Will running Cenzic Hailstorm bring down my server?

Cenzic Hailstorm provides a range of options to help manage risk in testing your environment, whether the target system is a production system or a test system. You can choose to traverse your application without executing any tests. This will allow you to understand key elements of your target site and get an idea of the scope of work. In selecting policies to run against your target site, you can choose both observer and intrusive policy tests. Intrusive policy tests are designed to push your target system to failure. You always have control over which policies you wish to run.


4. How do I integrate other products with Cenzic Hailstorm?

Cenzic provides both APIs (Application Programming Interfaces) and CLIs (Command Line Interfaces) to help you integrate and leverage the product features. APIs can be used to create complex, highly customized applications. CLIs are used to schedule jobs, modify parameters dynamically, and perform other tasks. Your product documentation contains further information on how to use the APIs and CLIs. Cenzic also provides professional services to help you customize and develop specific features beyond the base product.


5. What report formats can I generate?

To provide maximum flexibility, Cenzic Hailstorm provides you the capability of printing, saving, and exporting reports into many different formats. Some of these formats include PDF, Word, Text, XML, and others. If you have a format that is not included in the supported list found in your documentation, we suggest you use Text or XML and customize the data per your needs.


6. How do I run a job without having to be present at the console?

Good IT and testing practices require testing against test systems or scheduling tests on production systems for off-peak maintenance slots. Cenzic Hailstorm gives you control over how and when to execute jobs. This scheduling capability lets you either break up a job into smaller pieces that fit within a particular maintenance window, or run intrusive/unsafe policies at a time when you are able to restore the target server if it fails during testing.


7. How do I test for vulnerabilities using a range of values?

One unique feature of Cenzic Hailstorm is the ability to create a series of values for input during a test. This value series is called a dataset. Datasets can consist of N values of any type and can be used in policies ranging from "good password" policies (to check for trivial passwords) to "buffer overflow" policies (that push data of varying lengths to the server until it fails to respond).


8. Can I prevent the spider from going to certain parts of my site?

Yes, by using a protective feature called Black Lists. Black Lists contain values, written as standard regular expressions, that tell the spider which pages it should not scan, regardless of how your application may be designed. Conversely, a White List allows you to indicate to Cenzic Hailstorm which sites must be part of the test process and not skipped.
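
The following sketch shows regex-based spider scope control of the kind described above. It is an added example, not Cenzic Hailstorm code: the list names, patterns, host names, and the rule that the black list takes precedence over the white list are all assumptions. URLs are normalized before matching so that an exclusion cannot be sidestepped by letter case or percent-encoding.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample lists; patterns and host names are illustrative only.
BLACK_LIST = [r"/logout\b", r"/admin(/|\?|$)", r"[?&]action=delete\b"]
WHITE_LIST = [r"^https?://(www|shop)\.example\.test(:\d+)?/"]

def normalize(url):
    """Canonicalize a URL so each pattern sees one spelling of a page.

    Lower-casing the path errs toward excluding more pages, which is the
    safe direction for a protective list.
    """
    parts = urlsplit(url)
    host = parts.netloc.lower()
    path = unquote(parts.path).lower() or "/"
    query = "?" + unquote(parts.query).lower() if parts.query else ""
    return f"{parts.scheme.lower()}://{host}{path}{query}"

def compile_all(patterns):
    return [re.compile(p) for p in patterns]

def should_visit(url, black=compile_all(BLACK_LIST), white=compile_all(WHITE_LIST)):
    """Return (decision, reason). Assumed precedence: the black list wins."""
    canon = normalize(url)
    for rx in black:
        if rx.search(canon):
            return False, f"black list: {rx.pattern}"
    if not any(rx.search(canon) for rx in white):
        return False, "not on white list"
    return True, "in scope"

if __name__ == "__main__":
    # Constructed URLs exercising each rule.
    for u in ("https://www.example.test/products?id=3",
              "https://www.example.test/%61dmin/",
              "https://shop.example.test/cart?Action=Delete&item=1",
              "https://www.example.test/administrator-guide",
              "https://partner.example.net/"):
        print(u, "->", should_visit(u))
```

Note that `/admin(/|\?|$)` excludes the admin area without also excluding `/administrator-guide`; an unbounded `/admin` pattern would skip both.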


9. What is a policy? What is the SmartAttack Library™?

A policy is the specific rule or guideline against which a target can be tested or observed. Policies can contain various parameters and other characteristics to provide maximum extensibility. Policies can be used to test for vulnerabilities, to enforce internal security policies, or to test for application logic. The SmartAttack Library™ contains all of the policies generated either by Cenzic's CIA Research Team or by your organization for specific, custom applications. Policies can be broad enough to discover multiple types of vulnerabilities, eliminating the need for daily updates and patches.


If your questions have not been answered by this FAQ, please go to our Support Request form.



© Copyright 2008 Cenzic