COMPANY

Cenzic is the innovative leader in application security risk management, vulnerable assessment, and compliance solutions. Voted #1 by eWeek and InfoWorld, lauded by Gartner Group and IDC, and recipient of many prestigious awards, Cenzic has state-of-the-art, next-generation solutions — changing the dynamics of the application security industry.

Cenzic Web application security solutions provide customers the most accurate results possible in an automated and cost-effective way that quickly and intelligently assesses application security risks across the enterprise. Until now, this level of accuracy and speed could not be obtained, even through methodical, manual assessment by security consultants. Cenzic can automatically find the most “real” threats fast – across any enterprise application – legacy or new. This next-generation approach results in organizations being able to truly stay on top of unrelenting security threats while, at the same time, building the most secure future Web applications possible.

The Cenzic Solution

Unlike first-generation application security companies, which use signature-based solutions, Cenzic can provide customers the one and only “auto-discovery” and risk management solution across an enterprise. In doing so, security experts, QA professionals, and developers alike can easily and quickly identify how many applications they have, which of those apps have been tested, and then quickly find the most pressing vulnerabilities. This in turn enables them to prioritize the fixes, allocate resources, and integrate application security in their software development life cycle for future application development. Cenzic’s enterprise-wide approach allows everyone in an organization, tasked with security, to build state-of-the-art security into their applications.

Cenzic’s next-generation solutions range from its recently launched, first-of-its-kind, full-on enterprise risk assessment and management solution (Cenzic Hailstorm® Enterprise ARC™) to its software as service (SaaS), (Click-to-Secure™), so that customers can choose which best fits their needs. With a Cenzic solution, a company can rely on the most innovative and accurate Web application security products and services in the industry.

Cenzic solutions include:

• Cenzic Hailstorm - A suite of enterprise software solutions used by enterprises of all sizes throughout their software development life cycle (SDLC) to test for vulnerabilities in their Web applications.
• Cenzic ClickToSecure - A managed service (SaaS) with a remote assessment of customers’ applications.
• Assessment Methodology - Consulting service for business process re-engineering of customers’ application security processes

Security Training – Training services that will empower an organization to use best practices and processes to secure its applications.

Key Customer Benefits

Corporations and government agencies that use a Cenzic solution enjoy:

• Reduced risk and liability through most-secure applications possible on the Web today
• Reduced costs for security assessment
• Reduced development and testing costs
• Faster time-to-market for internally developed applications

Market, Customers, and Partners

Cenzic targets government agencies and Global 2000 corporations that use the Internet to execute key business functions and have large internal development groups. Many of Cenzic’s customers today are from financial services, e-retail, technology, and government sectors.

Cenzic has partnered with various leading-edge solutions to provide customers with a complete solution for the software development life cycle (SDLC), including HP (Mercury) for Q.A., Borland for development, Ouncelabs for source code scanning, and Netcontinuum for application firewalls.

Cenzic Technology

Cenzic’s technology goes beyond a signature-based approach by emulating a true hacker with a patent-pending Stateful Assessment™ approach that maintains the state of the application while attacking the application at the browser level. This approach allows Cenzic’s solutions to be the only ones to find all critical vulnerabilities, including application logic tests such as session hijacking, strong passwords, and privacy policy validation, on top of all the core vulnerabilities such as XSS, Buffer Overflow, SQL Disclosure, and others. Furthermore, only Cenzic solutions can test for vulnerabilities across all types of applications, including commercial and proprietary applications, and Web infrastructure.

This non-signature-based approach has made Cenzic solutions the most accurate in the industry, with very few false positives and false negatives.

Why the concern about Web applications security?

Businesses and government increasingly rely on Web-based applications that are essential to the modern enterprise but due to their open nature contain security vulnerabilities.

Traditional application security solutions have focused on solving perimeter security issues with tools such as Firewall, Intrusion Detection System (IDS), Anti-Virus, and Network Vulnerability Assessment. These security tools, although effective in their own right, do not address the security vulnerabilities exposed through Web applications (Ports 80 and 443 (SSL)) that must be left open to conduct business.

CIA Research

Our customers also get the benefit of our leading-edge research lab, Cenzic Intelligent Analysis (CIA). The lab focuses on evaluating new security vulnerabilities in both commercial and common applications, and feeding custom attack objects into the SmartAttacks™ Library, which is then pushed out regularly to our customers.

Top-Tier Funding Partners

Cenzic Inc. is a privately owned company headquartered in Silicon Valley, California. Cenzic is funded by top-tier investors, including Advanced Technology Ventures, Hummer Winblad Venture Partners, Mohr Davidow Ventures, JK&B Capital, and Symantec Corporation.