
NEWS & EVENTS
Press Coverage
2008
Tech News World - 04/30/2008
The Art of Cyber Warfare, Part 2: Digital Defense
Cyber warfare is a sort of irregular warfare, a strategy usually employed by underdogs fighting a stronger enemy. Cyber attack tactics, however, are sometimes backed by strong forces. To defend against such an attack, exercises like Cyber Storm involve wide stretches of both public and private sectors of American infrastructure.
The Wall Street Transcript - 04/28/2008
Questioning Market Leaders for Long Term Investors
Interview transcript with John Weinschenk, President and CEO of Cenzic Inc.
John Weinschenk is a technology executive who has led several companies to unprecedented success. His career is marked by an unusually broad background in both engineering and business. He has led technical groups in key security and enterprise software firms, and has brought his in-depth understanding of the latest technologies, market dynamics and business models to leadership roles in business strategy and marketing divisions at leading corporations.
SC Magazine - 04/22/2008
XSS flaw on Obama page sends visitors to Clinton site
The battle between Democratic presidential hopefuls Barack Obama and Hillary Rodham Clinton extended to cyberspace when a prankster over the weekend exploited a cross-site scripting (XSS) vulnerability on the website of the Illinois senator to redirect traffic to Clinton's homepage.
The Earth Times - 04/21/2008
Cenzic Selected as the Best Web App Security Assessment Solution by SC Magazine
Cenzic, the leading provider of application security vulnerability assessment and risk management solutions, today announced the company has received five out of five stars for its Hailstorm Enterprise ARC (Application Risk Controller) 5.5 solution in a product review conducted by SC Magazine. The product also received the "Best Buy" designation among the products in the group, which included HP WebInspect and IBM's Rational AppScan.
Red Herring - 04/14/2008
RED HERRING 100
For over 10 years, the Red Herring editorial team has diligently surveyed entrepreneurship around the globe. Technology industry executives, investors, and observers have regarded the Red Herring 100 lists as an invaluable instrument to discover and advocate the promising startups that will lead the next wave of disruption and innovation.
InfoWorld.com - 04/03/2008
Apps security testing companies ride wave
Providers of applications security testing tools say business is taking off, as more customers are building such capabilities into their development lifecycles and large platform providers have picked off some of their closest rivals.
While IBM and HP work to integrate the acquired technologies into their broader software development platforms -- and try to effect a significant change in the way developers secure their code -- IT security teams and software quality assurance (QA) specialists are still investing in the offerings of stand-alone providers such as Cenzic, Fortify, Ounce Labs, and WhiteHat, industry players maintain.
Yahoo! Finance - 03/25/2008
Beware Tax Filers - Top Five Electronic Tax Filing Dangers
With the tax deadline looming, Cenzic Inc., a leading provider of application security vulnerability assessment and risk management solutions, today alerted consumers of the top five security related issues they face when filing taxes online. The IRS received approximately 47 million returns as of Feb. 22, 2008, and of those returns, 38 million were filed electronically, up 5 percent from the 2007 filing season. With e-filing at an all time high, consumers need to know what's at stake and what they can do to protect themselves.
CMS Wire - 03/05/2008
The Vulnerability of Web 2.0 Technologies
Web 2.0 technologies are fraught with vulnerabilities. Seventy-one percent of all security vulnerabilities were attributed to both open source and commercial Web applications, according to a report by security firm Cenzic Inc., "Application Security Trend Report for Q4 2007."
Softpedia - 03/05/2008
Is Internet Explorer Safer Than Firefox, Opera and Safari?
The face-off for dominance on the browser market is essentially a four-horse race between Internet Explorer, Firefox, Safari and Opera. Now, the truth of the matter is that Internet Explorer has long become the preferred browser worldwide, starting with the moment it was bundled with Windows and offered for free in order to beat Netscape at its own game. Firefox comes in second in terms of install base, enjoying the backing of Google, with Safari in third place thanks to the Mac OS X and with Opera a distant fourth. But along with market share, security is another relevant aspect of the browser war.
Campus Technology - 03/03/2008
Study: The Year's Top-10 Web Application Vulnerabilities
Web applications, by far, dominate the list of application security vulnerabilities facing IT organizations. While 29 percent of vulnerabilities are attributable to network and infrastructure weaknesses, a full 71 percent are attributable to both open source and commercial Web applications, according to a report released recently by security firm Cenzic Inc., "Application Security Trend Report for Q4 2007."
Application Development Trends - 03/03/2008
Study: The Year's Top-10 Web Application Vulnerabilities
Web applications, by far, dominate the list of application security vulnerabilities facing IT organizations. While 29 percent of vulnerabilities are attributable to network and infrastructure weaknesses, a full 71 percent are attributable to both open source and commercial Web applications, according to a report released recently by security firm Cenzic Inc., "Application Security Trend Report for Q4 2007."
Enterprise Systems - 03/03/2008
Study: The Year's Top-10 Web Application Vulnerabilities
Web applications, by far, dominate the list of application security vulnerabilities facing IT organizations. While 29 percent of vulnerabilities are attributable to network and infrastructure weaknesses, a full 71 percent are attributable to both open source and commercial Web applications, according to a report released recently by security firm Cenzic Inc., "Application Security Trend Report for Q4 2007."
Redmond Channel Partner Online - 03/03/2008
Study: The Year's Top-10 Web Application Vulnerabilities
Web applications, by far, dominate the list of application security vulnerabilities facing IT organizations. While 29 percent of vulnerabilities are attributable to network and infrastructure weaknesses, a full 71 percent are attributable to both open source and commercial Web applications, according to a report released recently by security firm Cenzic Inc., "Application Security Trend Report for Q4 2007."
Redmond Developer News - 03/03/2008
Study: The Year's Top-10 Web Application Vulnerabilities
Web applications, by far, dominate the list of application security vulnerabilities facing IT organizations. While 29 percent of vulnerabilities are attributable to network and infrastructure weaknesses, a full 71 percent are attributable to both open source and commercial Web applications, according to a report released recently by security firm Cenzic Inc., "Application Security Trend Report for Q4 2007."
The Journal - 03/01/2008
Study: The Year's Top-10 Web Application Vulnerabilities
Web applications, by far, dominate the list of application security vulnerabilities facing IT organizations. While 29 percent of vulnerabilities are attributable to network and infrastructure weaknesses, a full 71 percent are attributable to both open source and commercial Web applications, according to a report released recently by security firm Cenzic Inc., "Application Security Trend Report for Q4 2007."
Dark Reading - 02/29/2008
Cenzic: IE Least Vulnerable Browser in Q4
Cenzic Inc., the innovative leader of application vulnerability assessment and risk management solutions, today released its Application Security Trend Report for Q4 2007. This report includes a consolidation of findings for all of 2007, along with the Top 10 Web application vulnerabilities highlighted for both Q4 and Top Five Web application vulnerabilities for the year.
"As seen in the report, Web application vulnerabilities dominated much of 2007," said Mandeep Khera, VP of marketing at Cenzic. "We saw some major attacks through Web sites in 2007. We haven't seen the impact from the holiday season yet because many times it takes months for corporations to realize they have been attacked. In addition, hackers are no longer interested in publicizing their conquests; their main goal is now profit. While organizations are more conscious of security for Web applications, we need to see a lot more initiatives for Web security in 2008. Web application security is reaching a crisis point."
Help Net Security - 02/29/2008
Microsoft Internet Explorer least vulnerable browser in Q4
In spite of a slight decrease in total number of vulnerabilities, Web application vulnerabilities continue to be the largest percentage of vulnerability types, and increased 3 percent over Q3, while attacks and probes rose from 1.3 million in October to 1.7 million in December. In a surprising twist, Microsoft Internet Explorer proved to be the least vulnerable browser when compared to Safari, Opera and Mozilla Firefox.
InfoWorld.com - 02/28/2008
Pervasive Web apps flaws under siege
The volume of threats leveled at Web-based applications continues to surge and the sheer number of flaws existent in many such programs is making it easy for attackers to be successful in their efforts to steal data and generate income, according to the latest research report issued by Cenzic.
Street Insider - 02/04/2008
Hailstorm Enterprise ARC Named Best Security Solution
The Global Excellence winners were announced at the Technosium 2008 conference in Santa Clara, Calif. on Jan. 30. The selection process included voting by 11,000 end-users, channel partners and readers of the Info Security Products Guide.
Morningstar - Market Wire - 02/04/2008
Cenzic Hailstorm Enterprise ARC Named Best Security Solution for the Enterprise
SANTA CLARA, CA -- (MARKET WIRE) -- 02/04/08 -- Cenzic, the leading provider of application security vulnerability assessment and risk management solutions, today announced that its Hailstorm Enterprise ARC (Application Risk Controller) product has been named the winner in the Security Solution for Enterprise category for the 2008 Info Security Products Guide Global Excellence Awards. Cenzic, which was also named a finalist in the Application Security Solution category, beat five other finalists for the title.
EMA - 2/1/2008
System Failure, All Is Well - Cenzic Reduces the Risk of Vulnerability Testing Through Virtualization
On December 10, 2007, Cenzic, an innovative leader in web application assessment technologies, announced the release of Hailstorm 5.5 which will include virtualization capabilities for assessing production environments.
Law Librarian Blog - 01/18/2008
Researchers: Beware the IE Cache on a Public Terminal
"If you use Internet Explorer to access Google's Gmail on public terminals, you may be leaving a lot of sensitive information exposed in the browser's cache, according to a warning from Web application security specialist Cenzic. However, Microsoft has downplayed the risk, insisting this is 'not a product vulnerability.' Cenzic spokesman Mandeep Khera said his company's researchers figured out a way to use CSRF (cross-site request forgery) in combination with the improper use of caching directives to hijack Gmail credentials from the IE cache."
InfoWorld.com - 01/03/2008
InfoWorld Virtualization Report
InfoWorld Pod-cast covers Cenzic Hailstorm 5.5 testing of production Web apps through integration with VMware Lab Manager and Virtual Center.
2007
PC Advisor - 12/19/2007
Gmail open to Internet Explorer hijacks
Hackers can exploit an unpatched flaw in Microsoft's Internet Explorer browser to access Gmail accounts, according to security firm Cenzic.
Cenzic has warned Internet Explorer users that the browser contains an unspecified cached files bug that, when combined with a cross-site request forgery flaw in Gmail, exposes the webmail account sign-ons and lets others access those accounts and any messages or file attachments there.
Computerworld Security - 12/18/2007
Update: Bugs in IE, Gmail allow hackers to hijack public PCs, researchers say
Microsoft Corp.'s Internet Explorer browser has an unpatched vulnerability that could let hackers hijack, then access, Google Inc. Gmail accounts, a security company warned yesterday.
Today, however, both Microsoft and Google rejected the claim by Santa Clara, Calif.-based Cenzic Inc. and denied that there is anything wrong with their products.
PC World - 12/17/2007
SMB - Veracode pitches backdoor apps security
Veracode launched a new version of its binary code analysis service on Monday that focuses specifically on helping software engineers find potential backdoor vulnerabilities in their programs.
While some applications security companies scour source code for flaws, such as Fortify, and others specialize in testing programs already running in production, such as Cenzic, Veracode is spinning itself as an alternative by channeling its efforts into looking for vulnerabilities in binary code and offering the capabilities as a fully-hosted service.
Internetnews.com - 12/17/2007
Security Alarm Sounded on Gmail and IE
Security vendor Cenzic has issued an advisory warning against alleged vulnerabilities in Google's Gmail and Microsoft's Internet Explorer.
The vulnerabilities involve potential Cross-site Request Forgery (CSRF) and Cross Site Scripting attacks that could be used to take users' information.
In the case of Gmail, Cenzic alleges that the CSRF exists for addresses that display attachments. With Microsoft's IE, the company said the problem is with how caching occurs, which could lead to an XSS attack. Cenzic alleges that the user's cache could be exploited across shared accounts on the same PC.
FindTech Blogs - 12/12/2007
Virtual security scanning centers
The folks at Cenzic announced a new version of their Hailstorm application scanning product. One of the features is an integration with VMware that may be an inspiring approach for scanning and application penetration testing. Most organizations want to test applications as close to production as possible, without risk of disrupting the business. Applying virtual security scanning centers has many benefits for organizations.
SearchSoftwareQuality.com - 12/10/2007
Application security testing goes virtual
The use of virtualization promises to make it easier to test Web applications already in production for security vulnerabilities, according to Cenzic Inc. The company this week announced Cenzic Hailstorm Enterprise Application Risk Controller (ARC) 5.5, which features integration with VMware Lab Manager and VMware Virtual Center, server virtualization products from VMware Inc.
"Application security is being driven by QA and development people, but all production applications out there are susceptible," said John Weinschenk, president and CEO of Santa Clara, Calif.-based Cenzic. The technical challenges of testing these applications once in production include corrupting the data associated with an application and taking an application down, he said.
Dark Reading - 12/10/2007
Cenzic Integrates VMWare
Cenzic Inc., a leader in Web application security assessment and risk-management, today announced its solutions for the virtualization arena with the integration of its flagship product line, Cenzic Hailstorm® Enterprise ARC (Application Risk Controller) with VMware Lab Manager and VMware Virtual Center. Cenzic is the first company to allow automated security assessment of Web applications in production through virtualization.
Additional features in Hailstorm Enterprise ARC 5.5 include major enhancements to compliance reporting, in which users generate assessment reports based on specific regulations such as PCI, GLBA, HIPAA, or AB 1950, and to the risk management dashboard, which now enables users to sort their vulnerabilities by HARM, a quantitative score which lets users easily see which vulnerabilities have the highest risk. The release also includes many features to enhance the user experience and tighten integration with other application security solutions. Many of these features will also be supported in Hailstorm Professional 5.5.
InfoWorld.com - 12/10/2007
Cenzic virtualizes Web apps testing
Web applications security testing specialist Cenzic announced the latest version of its flagship scanning platform on Monday, adding new capabilities for inspecting programs utilizing virtualization technologies made by VMWare.
While leading software development platform makers, including IBM and HP, have invested heavily in acquiring assets from the applications testing tools market over the last year in an effort to force programmers to improve the quality of their work, hundreds of millions of existing Web applications still need to be examined for potential flaws, Cenzic officials maintain.
SD Times - 12/10/2007
Cenzic Makes Testing Continuous
Cenzic has jumped on the virtualization bandwagon, by teaming up with VMware in the latest version of Cenzic Hailstorm Application Risk Controller (ARC).
Cenzic Hailstorm ARC 5.5, released today, has integration capabilities with the EMC subsidiary's VMware Lab Manager and VMware Virtualization Center, which offer what Cenzic calls the ability to continuously test production applications in a virtual environment without the risk of disrupting the environment.
VMblog.com - 12/09/2007
Cenzic Virtualizes Security
The problem with doing application vulnerability testing in a live production environment is just that -- it's a live production environment, and if you break something, it could cause a lot of harm.
Yet there is a real need for live production server testing, since new attack vectors and vulnerabilities emerge on an almost-daily basis. The answer to the problem, according to application vulnerability testing vendor Cenzic, is virtualization.
Not surprisingly, it's the cornerstone of Cenzic's new Hailstorm 5.5 software release.
Internetnews.com - 12/07/2007
Cenzic Virtualizes Security
The problem with doing application vulnerability testing in a live production environment is just that -- it's a live production environment, and if you break something, it could cause a lot of harm.
Yet there is a real need for live production server testing, since new attack vectors and vulnerabilities emerge on an almost-daily basis. The answer to the problem, according to application vulnerability testing vendor Cenzic, is virtualization.
Not surprisingly, it's the cornerstone of Cenzic's new Hailstorm 5.5 software release.
InfoWorld.com - 11/09/2007
Report - 90 percent of Web apps still vulnerable
It may not be surprising that Web applications security software provider Cenzic contends that a large number of online programs could use some overall improvement -- but, according to the company's latest research, a whopping 90 percent of all Web apps it has studied are vulnerable to some form of attack.
On Monday, the company will release its third quarter assessment of the current state of Web applications security, along with its list of the leading vulnerabilities it has discovered in its research.
According to Mandeep Khera, vice president of marketing for Cenzic, the outlook hasn't improved much over the last few months as "thousands of corporations and government agencies" have done nothing to protect their applications, which he said continue to harbor serious flaws.
technosium.com - 10/30/2007
2008 Hot Companies Awards
Technosium Conference and Expo held once every year in Silicon Valley announced today an agreement to host the global 2008 Hot Companies Awards organized by Silicon Valley Communications. Winners of the 2008 Hot Companies awards will be honored during the 2008 Executive Summit being held in January at the Technosium 2008 Conference and Expo.
Silicon Valley Communications will be releasing a special report highlighting IT companies from around the world that excel in 4Ps (People, Products, Performance and Potential). This report will be made available to all the attendees of Technosium 2008. A complete list of companies that made it to finalists is available at http://www.technosium.com/hotcompanies.
crn.com - 10/22/2007
Review: Cenzic Hailstorm ARC 5.0
With the release of version 5.0, the Hailstorm Enterprise ARC Web-based management application can now deploy the Hailstorm security engine across an enterprise. ARC is more than just a portal that manages many Hailstorm engines simultaneously. The software also helps IT managers and developers manage unsecured code.
eWeek.com - 10/16/2007
Core Security Adds Web App Testing to Tool Belt
The company's focus seems to be in line with the findings of a recent survey by Web application security vendor Cenzic and the Executive Alliance, an organization based in Marietta, Ga. The survey included responses from 476 enterprise security information executives and found about 50 percent were somewhat confident to not confident that their Web applications were safe from attack.
The Daily Incite - 10/03/2007
The Laundry List
HP and Cenzic kiss and make up. Or one realized that the opponent spends more on toilet paper in a month than they've raised in venture capital. Either way, now everything is happy happy. - Cenzic release.
wsg.com - 10/02/2007
Angelina Jolie Nude; Ballmer Rips Ellison; Other News
* There are no nude pictures of Angelina Jolie in that email. Any message that suggests otherwise really contains a virus that will allow a hacker to take over your computer. We hope you don't need the Business Technology Blog to tell you this -- this kind of attack is so 2004 -- but it turns out that emails claiming to contain the aforementioned nude pics accounted for four out of every five spam emails in one recent 24-hour period, so another warning seems in order. (Sorry, the link is to the study.) Meanwhile, savvy hackers are abandoning email for video. A new study by the Georgia Tech Information Security Center found that hackers are embedding viruses and other malicious code in online videos and other new media types. "People are accustomed to not clicking on messages from banks, but they all want to see videos from YouTube," Chris Rouland, an IBM security exec, tells the AP. So use a little caution next time someone sends you a clip of a man slipping on a banana peel.
VNUNET.it - 10/02/2007
HP Has Integrated SPI Dynamics and Settles the Licence Dispute with Cenzic
Hewlett-Packard has closed a dispute over licences, inherited from the acquisition of SPI Dynamics, by signing a licence-sharing agreement with Cenzic.
TMCNet - 10/01/2007
HP and Cenzic Enter Into a Cross-License Agreement for Disputed Patents
ZDNet.com - 10/01/2007
HP, Cenzic settle fault injection patent spat
Web application security firms HP (SPI Dynamics) and Cenzic have called off the dogs in a patent dispute over fault injection technology. The two companies had sued -- and countersued -- each other over the use of fault injection in Web application security scanners but, in a brief statement today, HP and Cenzic agreed to dismiss the lawsuits and enter into cross-licensing deals.
TMCNet - 10/01/2007
Data Leakage Among the Global 2000 Causes a Spike in Planned Adoption of Outbound Content Compliance (OCC) Solutions, According to TheInfoPro (TIP)
Over 150 Fortune 1000 end users were interviewed for the Wave 9 Security Study, providing commentary and insight on their security adoption plans, management strategies, and vendor performance. Information Security Technology providers that were mentioned throughout the study include: 3Com, ACS, ActivIdentity, Aladdin, AmbironTrustWave, Application Security, Inc., ASPG, Atos Origin, Attachmate, Authenex, Authentix, BearingPoint, Blue Coat, Blue Ridge Networks, BMC Software, BorderWare, Breach Security, Inc, Burton Group, Cenza, Cenzic, Cigital, Cipher Technologies, Citrix, Code Green, Courion, CRYPTOCard, CSC, Cyber-Ark, DigitalPersona, EDS, eEye, Entersys, F5 Networks, Fluke Networks, FoxT, F-Secure, Fujitsu Siemens, Gemalto, nCipher, Neohapsis, NeoScale, Nokia, N-Stalker, Open Source, Orange, Orchestria, Ounce Labs, PassGo, Passlogix, PC Guardian, PKWARE, Proofpoint, Protegrity, Rapid7, Reconnex, Red Hat, SafeNet, Safeward Inc., Sana Security, SAP, ScriptLogic, SECUDE IT Security, Sentillion, Siemens AG, Sophos, Stach & Liu, Tata, Third Brigade, TriCipher, Vanco, VASCO, WhiteHat Security, Wipro, ZixCorp
sanjose.bizjournals.com - 10/01/2007
HP, Cenzic end patent dispute with cross-license
Hewlett-Packard Co. and Cenzic Inc. said Monday they signed a settlement and cross-license agreement for patents over which the two companies were disputing.
Internetnews.com - 10/01/2007
HP Settles Patent Dispute With Cenzic
Patent infringement can be a dicey affair, with parties arguing over whether intellectual property infringement occurred.
Information Week - 10/01/2007
HP Buys SPI Dynamics, Settles Cenzic Patent Dispute
Hewlett-Packard (NYSE: HP) has settled two outstanding patent suits by reaching a patent-sharing agreement with Cenzic, a neighboring Santa Clara, Calif., supplier of security software. The original suits were between Cenzic and SPI Dynamics, a company that HP acquired a month ago.
Software Magazine - 09/18/2007
Cenzic Boosts Web Application Security with Two New Releases
Lower maintenance costs and greater accessibility continue to drive applications from the internal client/server model to the Web. The downside: greater vulnerability. Not only can hackers break in remotely, but their attack methods are constantly changing and becoming more sophisticated. It's not just e-mail viruses and network security but the Web application code itself that companies must protect against data theft and alteration. And with front ends linked to databases and back-end systems, all components in a Web-based chain are vulnerable and need to be secured, says John Weinschenk, CEO of Cenzic.
Outlook Series - 09/11/2007
Securing Web 2.0 Applications
Web 2.0 is not a technical term, but a term more akin to an artifact of social science that has come to vaguely describe a new vision for the Web. Moreover, Web 2.0 Applications should not be understood as a new technology, but a new use of old technologies. However, if Web 2.0 applications are more functionally interactive, could it be that they are more vulnerable to application layer attacks? We interview Mandeep Khera to gain Cenzic's perspective on the extra security risks associated with Web 2.0.
Information Security Magazine - 09/04/2007
Is Your Vendor a Sitting Duck?
Is Cenzic on Borrowed Time? The standalone Web application security market has been pared to one. Cenzic, essentially the remaining standalone Web application security company, says its position has never been stronger and assures its customers that it's not in play. VP of marketing Mandeep Khera says HP's and IBM's respective acquisitions of SPI Dynamics and Watchfire validate the importance of Web application security, and that Cenzic will remain viable by pursuing partnerships with larger infrastructure vendors that could resell its products or offer them as services.
TeChNiCaL hAcKz AnD tRiCkZ - 08/31/2007
How Hackers Break Into Computers
Many of the most skilled individuals involved in discovering new ways to break into computers work in corporate, governmental, or academic laboratories. They not only use considerable brainpower and creativity in their jobs but also typically create and use sophisticated software tools to assist them in their research duties. (The National Security Agency, or NSA, was one of the earliest government agencies to create such a research group). Even in these research environments, the people who find ways to break into computers typically describe themselves as "hackers."
Computerworld Security - 08/20/2007
Web Application Vulnerabilities on Rise
Amrit Williams has been observing an ironic trend in security threats: Botnet herders are protecting the PCs they control from other malware. The chief technology officer at BigFix Inc. in Emeryville, Calif., explains that the malware that is spewing across the Internet is so pervasive that some hackers must defend their ill-gotten, compromised machines from attack. How pervasive is that? IDC estimates that malware writers release 450 new strains of viruses, Trojan horses and other apps of their ilk each month.
Banking Information Security News - 08/09/2007
Black Hat 2007 Conference - Cenzic Interview
Information Security Media Group was one of the sponsors of this year's Black Hat 2007 briefing held in Las Vegas on August 1st and 2nd. Black Hat is recognized as the premier event at which to release information on newly discovered security vulnerabilities in the hacking community. Cenzic sent representatives to demonstrate their latest product offerings, and answer the often difficult questions of how their products meet the evolving threat picture. This interview was taken on the floor of the show by Banking Information Security News staff.
Linux Insider - 08/07/2007
Sharing Insecurities at Black Hat
Walking through a conference populated by computer experts constantly on the lookout for the latest chinks in digital armor, one couldn't help but suspect that some of the attendees plunking away at laptops might be testing new ways to snoop on computers in their immediate vicinity. Black Hat's own literature warned about the use of wireless devices in the Palace Tower.
Tech News World - 08/07/2007
Sharing Insecurities at Black Hat
Walking through a conference populated by computer experts constantly on the lookout for the latest chinks in digital armor, one couldn't help but suspect that some of the attendees plunking away at laptops might be testing new ways to snoop on computers in their immediate vicinity. Black Hat's own literature warned about the use of wireless devices in the Palace Tower.
VNUNET.fr - 08/06/2007
Cenzic VNUNET.fr Online Coverage
More than 70% of the vulnerabilities come from web technologies. According to the company Cenzic, the number of declared vulnerabilities increased by 7% during the second quarter.
SD Times - 08/02/2007
App Security Gets Caught in a Hailstorm
As the landscape of the application security market changes significantly with the recent acquisitions of two of Cenzic's major competitors, the Santa Clara-based Web app security provider is looking to devour a larger piece of the pie.
USA Today Technology Live Blog - 08/01/2007
Hackers' new target: Company web applications
Most corporations wield sturdy firewalls and intrusion detection systems deterring hackers from breaking into networks. So, naturally, the best and brightest hackers have moved on. Their No. 1 target: website applications. That's the big theme at the Black Hat security conference in Las Vegas this week.
SD Times - 08/01/2007
Keeping Code Secure: Should Government Get Involved?
The application security market got a shot in the arm earlier this summer when IBM announced plans to buy Watchfire, and Hewlett-Packard followed suit, declaring its intention to acquire SPI Dynamics. The entry of big players into a market made up of small startups is likely to boost the credibility of a message that application security toolmakers admit hasn't yet fully taken hold: The key to keeping applications secure is writing code that is inherently harder to attack, not just blocking intruders at the network door.
Internetnews.com - 07/31/2007
Surprise! Web Vulnerabilities on the Rise
With the Black Hat security conference under way in Las Vegas, the pace and volume of security related news is just warming up. To help get it started, security analysis vendor Cenzic today issued its second-quarter Application Security Trends report claiming that, once again, vulnerabilities are on the rise.
SDA Asia Online - 07/19/2007
Cenzic SDA Asia Online Coverage
With the release of a new product and its two biggest rivals currently being acquired by the foremost IT companies, Cenzic, the application security test specialist, believes that it is ready to profit from this new position, without any rivals.
InfoWorld.com - 07/18/2007
Applications security: Cenzic stands alone
The acquisitions of rivals Watchfire and SPI offer Cenzic an opportunity to increase market share...
SearchSoftwareQuality.com - 07/18/2007
Cenzic enhances software security assessment tool
Cenzic, a provider of application security assessment and risk-management solutions, this week released a new version of the company's flagship product line, Cenzic Hailstorm Enterprise ARC (Application Risk Controller) 5.0 and the latest edition of the company's managed service, ClickToSecure ARC.
IT Backbones - 07/18/2007
Cenzic Unveils Two "Game-Changing" Application Security Releases
Hailstorm Enterprise ARC 5.0 is now the "superset" solution for other application security solutions like SPI Dynamics, Watchfire, Fortify, and Manual Penetration Testing...
The Daily Incite - 07/17/2007
The Laundry List
More security coincidence? Watchfire and Cenzic both announce new releases today. The difference? Watchfire has gotten their payday...
Dark Reading - 07/17/2007
Cenzic Unveils New Tool, Service
Cenzic, the leading provider of application security assessment and risk-management solutions, today released a new version of the company's flagship product line, Cenzic Hailstorm Enterprise ARC (Application Risk Controller) 5.0 and the latest edition of the company's managed service, ClickToSecure ARC...
Security News Portal - 07/17/2007
Cenzic Unveils Two Game-Changing Application Security Releases
Hailstorm Enterprise ARC 5.0 is now the superset solution for other application security solutions like SPI Dynamics, Watchfire, Fortify, and Manual Penetration Testing
Datamonitor ComputerWire - 07/17/2007
Cenzic Switches Gears, Updates Web Security Tool
Cenzic, currently known as the web app security testing company that has not been acquired, has released a new version of its risk management tooling.
TMCNet - 07/16/2007
Cenzic Takes Competitor Pieces
What are you supposed to do when your competitors are bought? If you're Cenzic, you take a piece of each for yourself. The application security vendor has watched its key competitors get absorbed by a pair of the biggest names in IT. IBM took Watchfire and HP bought out SPI Dynamics.
SYS-CON Media - 07/16/2007
Cenzic Unveils Two "Game-Changing" Application Security Releases
Cenzic, the leading provider of application security assessment and risk-management solutions, today released a new version of the company's flagship product line, Cenzic Hailstorm Enterprise ARC (Application Risk Controller) 5.0 and the latest edition of the company's managed service, ClickToSecure ARC, representing the only true application risk-management "superset" in the industry.
SD Times - 07/16/2007
Cenzic Brings on the Hailstorm
Cenzic today released version 5.0 of Cenzic Hailstorm Application Risk Controller (ARC), the company's risk management platform for application security. Version 5.0 of Hailstorm ARC offers a dashboard view of Cenzic's application security tools, along with the ability to work with third-party tools, including recently acquired security tools such as HP's SPI Dynamics and IBM's Watchfire lines.
Internetnews.com - 07/16/2007
ARC 5.0 Coverage
What are you supposed to do when your competitors are bought? If you're Cenzic, you take a piece of each for yourself.
Excite Money & Investing - 07/16/2007
Cenzic Unveils Two "Game-Changing" Application Security Releases
Cenzic, the leading provider of application security assessment and risk-management solutions, today released a new version of the company's flagship product line, Cenzic Hailstorm Enterprise ARC (Application Risk Controller) 5.0 and the latest edition of the company's managed service, ClickToSecure ARC, representing the only true application risk-management "superset" in the industry.
iWon Money & Investing - 07/16/2007
Cenzic Unveils Two "Game-Changing" Application Security Releases
Cenzic, the leading provider of application security assessment and risk-management solutions, today released a new version of the company's flagship product line, Cenzic Hailstorm Enterprise ARC (Application Risk Controller) 5.0 and the latest edition of the company's managed service, ClickToSecure ARC, representing the only true application risk-management "superset" in the industry.
Morningstar - Market Wire - 07/16/2007
Cenzic Unveils Two "Game-Changing" Application Security Releases
Cenzic, the leading provider of application security assessment and risk-management solutions, today released a new version of the company's flagship product line, Cenzic Hailstorm Enterprise ARC (Application Risk Controller) 5.0 and the latest edition of the company's managed service, ClickToSecure ARC, representing the only true application risk-management "superset" in the industry.
TMCNet - 07/16/2007
Cenzic Unveils Two "Game-Changing" Application Security Releases
Cenzic, the leading provider of application security assessment and risk-management solutions, today released a new version of the company's flagship product line, Cenzic Hailstorm Enterprise ARC (Application Risk Controller) 5.0 and the latest edition of the company's managed service, ClickToSecure ARC, representing the only true application risk-management "superset" in the industry.
Yahoo! Finance - 07/16/2007
Cenzic Unveils Two "Game-Changing" Application Security Releases
Cenzic, the leading provider of application security assessment and risk-management solutions, today released a new version of the company's flagship product line, Cenzic Hailstorm Enterprise ARC (Application Risk Controller) 5.0 and the latest edition of the company's managed service, ClickToSecure ARC, representing the only true application risk-management "superset" in the industry.
Datamation Product Watch - 07/16/2007
Hailstorm Enterprise ARC / ClickToSecure ARC
Cenzic bills the latest release of their flagship product line--Cenzic Hailstorm Enterprise ARC (Application Risk Controller)--along with their ClickToSecure ARC managed service as a risk-management "superset."
SearchSoftwareQuality.com - 07/12/2007
Web application security market shifting
There are two fronts in the war on application security -- the software development life cycle (SDLC) and the production environment. Two industry giants -- IBM and HP -- recently made the first moves on the SDLC side to acquire niche players in the nascent application security market, but the expectation is the big security players such as Symantec and McAfee may get into this space as well.
Dark Reading - 06/22/2007
IBM Buys into Security
IBM's recent deal to acquire Web security software vendor Watchfire is one of those deals that "validate the market"--at least for those companies that haven't been burned by SQL injection, cross-site scripting and other Web security problems.
ARNnet.com.au - 06/20/2007
HP aims to snatch up SPI Dynamics
Lays out plans to acquire Web application vendor to boost security in application quality-management capabilities
PC World - 06/20/2007
HP-SPI deal underscores apps security integration
Hewlett Packard's acquisition of Web applications security specialist SPI Dynamics on June 19 illustrates a growing demand among enterprise customers to have vulnerability-scanning tools integrated into their software development platforms.
Reseller News - 06/20/2007
HP-SPI deal underscores apps security integration
Enterprise customers want vulnerability-scanning tools integrated into their software
InfoWorld.com - 06/19/2007
HP-SPI deal underscores apps security integration
As attacks on applications-level vulnerabilities increase, more enterprises are integrating security testing apps into their software development -- often via acquisition
InfoWorld.com - 06/19/2007
HP buys Web app security specialist SPI
Acquisition comes just two weeks after IBM announced plans to buy SPI rival Watchfire
PC World - 06/19/2007
Web App Consolidation Continues: HP Buys SPI
Hewlett-Packard Co. has agreed to buy Web application security specialist SPI Dynamics Inc., just two weeks after IBM Corp. announced plans to buy SPI's rival Watchfire Corp.
Network World - 06/19/2007
HP aims to snatch up SPI Dynamics
Lays out plans to acquire Web application vendor to boost security in application quality-management capabilities
SearchSoftwareQuality.com - 05/29/2007
XSS the top vulnerability in most Web applications in Q1
Cross-site scripting (XSS) variants dominated the top 10 vulnerabilities in commercial and open source Web applications, according to Cenzic Inc.'s Application Security Trends Report for the first quarter of 2007.
BankNet - 05/24/2007
Web Applications Fraught with Danger, Cenzic Says
The Web application security landscape is full of vulnerabilities that could enable unauthorized parties to steal critical personal information or transfer money to their accounts, according to a report by research firm Cenzic.
Network World - 5/23/2007
Cenzic Lists the Weak Spots in App Security
Security company Cenzic recently released their Q1 2007 Application Security Trend Report which is interesting and rather worrying reading.
Wall Street & Technology - 5/23/2007
7 out of 10 Popular Web Applications are Dangerous
A new study has found that the Web application security landscape is still fraught with danger and financial services firms had better watch out.
At least seven out of 10 popular Web applications have vulnerabilities that could potentially lead an unauthorized party to steal critical personal information such as social security numbers or transfer money to their accounts, according to a report by Santa Clara, Calif.-based Cenzic.
Help Net Security - 5/22/2007
Top 10 vulnerabilities in Web applications in Q1 2007
Cenzic released its Application Security Trends Report - Q1 2007 with some alarming findings. The report provides a thorough analysis of reported vulnerabilities, including the most threatening, Web application probes, attack statistics and key findings. While this report highlights the Top 10 vulnerabilities in commercial and open source applications, Cenzic believes that the problem is much worse if you factor in proprietary home grown applications, as these typically contain a large number of vulnerabilities.
Windows in Financial Services - 5/2007
Emerging Technology: Staying Ahead of Hackers: Web Application Security for the Insurance Industry
By Don Canning, Microsoft
With U.S. e-commerce retail sales ballooning to over $54 billion in 2006, overall e-commerce sales including B2B extending beyond a staggering $1 trillion, and over 200 million Internet users, enterprises face a mammoth problem: how to secure the applications that are behind these Web sites? At large enterprises, the kind to which we entrust our most confidential information, the Information Technology group may not even know how many applications they have, never mind how many are protected! How has it come to be that as Internet usage and sophistication have increased, we may be more vulnerable than ever to hackers?
IT Security - 4/9/2007
Beyond Simple Vulnerability Scanning
Traditional Web security has focused primarily on three areas: hardening the web infrastructure perimeter, conducting external audits and using an application vulnerability assessment scanner to uncover known vulnerabilities. Each of these techniques does provide value; however, they do not provide the complete coverage needed to reduce the risk of attack. Application vulnerability assessment scanners are good for discovering and assessing commercial applications but not custom applications; they only scratch the surface and are often inaccurate in their findings.
SearchSoftwareQuality.com - 4/3/2007
Switch application security tools, receive credit for Cenzic product
In an attempt to attract new customers, Cenzic is offering up to $20,000 credit to switch from application security products from SPI Dynamics, Watchfire or WhiteHat Security to a Cenzic product.
NewsForge - 3/16/2007
Mozilla Security - More Open Than You Might Think
tk421 writes: If open source by definition means that code is open, then why is Mozilla having some of its code discussions behind closed doors? The reason is simple: to protect users. Window Snyder, head of security strategy at Mozilla Corp., told internetnews.com that the allegation that Mozilla is not open is not the case. Snyder argued that Mozilla is as open as it can be and even somewhat democratic. In addition to the publicly available Bugzilla bug database, Mozilla also has a separate security group with membership made up from both Mozilla and the wider community. Currently the group has 86 individual members, with Google, Red Hat, IBM, Sun, Ubuntu and Cenzic among the different groups represented.
SD Times - 3/1/2007
Borland's Gauntlet partners are a first sign vulnerability testing has arrived
Application security hasn't been a high focus area for ALM tool makers, but Borland Software may be showing signs that a change is finally afoot.
Application Development Trends - 1/31/2007
Borland Ships Gauntlet Automatic Test Tool
Borland Software announced this week it is shipping its Gauntlet automated build and test software, adding another piece to its lifecycle quality management, or LQM, tools offering.
ComputerWeekly.com - 1/30/2007
Borland integrates Cenzic application security tool with Gauntlet
Software developers and testers who use Borland's Gauntlet will now have an application security testing tool available to them. Beginning this week, Cenzic's Hailstorm will be available as a plugin to Gauntlet, an automated system for building and testing code. Interested users may visit Borland's...
internetnews.com - 1/29/2007
Cenzic, Borland Team For Secure Apps Development
Arguing that Web applications are nowhere near as secure as the firewalls behind which they operate, Cenzic today announced an alliance to bundle its Hailstorm application risk controller software with Borland Software's Gauntlet version control software.
Market Wire - 1/29/2007
Cenzic Provides Critical Application Security Component to Borland(R) Gauntlet(TM)
Cenzic, Inc., a leading provider of application security risk management, vulnerability assessment, and compliance solutions, today announced the integration of Cenzic Hailstorm with the newly available Borland Gauntlet, an innovative continuous build and test automation product. As the leading provider of web application risk management and vulnerability assessment solutions in the industry, Cenzic will be a vital addition to IT organizations seeking to proactively uncover security vulnerabilities and enforce security policies throughout the software delivery lifecycle (SDLC).
Help Net Security - 1/8/2007
Online gaming company uses ClickToSecure for securing Web-Based applications
Cenzic announced that K2 Network, a leader in the online game market, has standardized on Cenzic's ClickToSecure managed service offering to assess the vulnerability of its web-based gaming applications and to ensure optimal security throughout the software development lifecycle. K2 Network's decision to work with Cenzic further builds on Cenzic's momentum as a leader in delivering flexible, on-demand testing solutions for critical web-based applications.
