
CIA RESEARCH
Cenzic Intelligent Analysis (CIA) Research
The Cenzic Intelligent Analysis (CIA) team specializes
in continuous research into application vulnerabilities and the latest
tools and techniques used within the field of application security. The
CIA team monitors the latest vulnerabilities and trends affecting application
security by keeping watch over internet newsgroups, forums, mailing lists,
and underground websites where vulnerability information is released.
In addition to its research focus, CIA experts also perform vulnerability
assessment, penetration testing, and security testing.
Cenzic has dedicated experts whose sole job is to perform
ongoing research to find not only common vulnerabilities but also new
or undisclosed vulnerabilities in custom, commercial, and open-source
applications, and to make this information available to our customers
and to the community at large in the form of publications and security
alerts.
This section includes: Security publications, Top Vulnerabilities, Alerts
Openness of Web Applications
Ports 80 and 443 are wide open:
do you know who's logged into your applications?
So, you have protected your perimeter by
placing Intrusion Detection Systems, Firewalls, Anti-Virus, and
other tools in your DMZ and internal network. Are you truly secure?
Although network security is an important step toward a strong security
posture, it's not nearly enough. It's like locking all the doors
but putting the key under a transparent mat. Over 75% of attacks
are occurring through Ports 80 and 443 (SSL), which are wide open.
The Problem
The problem is that corporate firewalls
have to keep those ports open in order to do business online
and interact with customers and partners. Unfortunately, cyber attackers
exploit these open ports and wreak havoc. With numerous hacking
tools readily available online, even unsophisticated hackers can
hack into your web applications.
The Solution
The solution is not to shut these ports
down but to thwart attackers from causing harm once they have accessed
your web site. Application vulnerabilities are big holes that
crackers exploit to attack your environment, which can result in
anything from embarrassment due to web defacement, to major business
disruption, to loss of future business and brand.
Although most companies use security testing
to find and fix flaws in their applications, the focus is still
only on commonly known security vulnerabilities. Security vulnerabilities
in custom web applications are often neglected, leaving companies
totally exposed despite their best efforts.
Cenzic Hailstorm allows companies to find
and fix not only known security vulnerabilities but also unknown
vulnerabilities in their custom web applications. By enabling organizations
to have a disciplined approach to vulnerability assessment and penetration
testing, we give the power and control to our customers who can
create a vulnerability management program for the entire software
development lifecycle.