CIA RESEARCH

Resources

The CIA Research team has assembled the following publications. We are committed to expanding it's library of resources.

Cenzic's Application Security Trends Reports For Download Now!

Q1 2008 Trends Report on Web Security New!

Q4 2007 - Cenzic Security Trends Report

Q3 2007 - Cenzic Security Trends Report

Q2 2007 - Cenzic Security Trends Report

Q1 2007 - Cenzic Security Trends Report

White Paper: Beyond Simple Vulnerabilities Scanning

Traditional web vulnerability scanning tools started as operations point tools. They perform adequately at assessing infrastructure vulnerabilities. Cenzic Hailstorm is a tool for Security Quality Assurance of Web Applications. Hailstorm® is the first tool designed to test Web applications not only for common vulnerabilities but also for compliance to the individual customer-specific Security Policy. More >

White Paper: Cross Frame Scripting

Cross Frame Scripting is a new form of "phishing". Attackers create a frameset, place an unsuspecting target URL in frame 1 and a keystroke sniffing javascript in a second frame. The typical target URL is an account login page at a financial institution. CIA Research has developed a new policy that checks if a site has the appropriate defenses in place to defend against this attack. More >

White Paper: Cenzic Imperative Assessment Plan

The Hailstorm® SmartAttack Library™ includes a rich set of security vulnerability and compliance assessment policies. The Cenzic Imperative Assessment Plan defines a small subset of these policies that should be considered as the "must run" short-list of assessments. More >