Cenzic Cloud

Frequently Asked Questions




Why should I care about application security?

According to the latest Verizon Business Data Breach report, over 90% of websites are vulnerable to attack. That means hackers, who pose as regular users on the Internet, can easily exploit vulnerabilities found in websites. Traditional security products, such as network vulnerability products, desktop security offerings, or intrusion detection devices, won’t protect websites against these attacks.

Web and Cloud applications need a vulnerability testing product like Cenzic Cloud to detect vulnerabilities at the application level – where over 75% of the hacker attacks occur.

Will I be more secure against hacker attacks after performing an application test?

Not yet. Assessing your application for vulnerabilities/defects is just the first step. To make your applications more secure, you need to fix the vulnerabilities the Cenzic Cloud service finds. After the insecure code has been fixed, a re-test (free re-tests are included in your monthly purchase) should be performed to ensure the original vulnerabilities were fixed correctly. This continuous testing process is needed in order to stay ahead of hacker attacks.

Who can fix my application security flaws?

Cenzic partners with top remediation security experts who can help you fix your application vulnerabilities. To contact one in your area of the world, email our Business Development team at BusinessDevelopment@cenzic.com with the subject "Cenzic Cloud Vulnerability Remediation".

Does this Cenzic Cloud service perform network scans?

No. Cenzic Cloud only tests for vulnerabilities/defects in Cloud and Web applications, where 75% of hacker attacks occur.

How intrusive are the application tests? Will they bring down my website?

The tests are slightly intrusive. In searching for these vulnerabilities the Cenzic Cloud service will crawl your website and inject strings in form fields. Injections can be risky, because at the time of injection our technology has no way of understanding how your web server will respond. However, our customers test thousands of applications each year using these tests and rarely experience operational issues.

We suggest you run the test(s) during the least busy time of your website (usually the weekend starting on Friday night). This will give your company time to respond to any issues you may experience when testing for vulnerabilities on a live application. The rare cases of clients experiencing operational issues usually take the form of mass emails being sent to your system. This rarely affects business, but customers usually like to be warned that such activity may occur.

Do you run tests on live applications?

Yes. If you input an application that is a live Web/Cloud application, then it will be tested for all the vulnerabilities contained in your purchased service offering. As answered in the question above, there is very little risk that your application will be compromised due to the service.

Do you test for the OWASP Top 10 and PCI 6.6?

Yes. If you purchase the Gold service offering, it will run tests for adherence to PCI 6.6 and the 2010 OWASP Top 10.

What do Cenzic Cloud service results look like?

All service offering results come in a detailed PDF format that you download and save directly from your Cenzic Cloud portal. The reports (assessment report with remediation) contain a vulnerability summary complete with easy-to-read severity charts, a listing of the detected security vulnerabilities, and directions on how to fix them. If you’ve purchased a Gold service offering (assessment report with remediation and PCI 6.6 compliance report with remediation), then you get additional information on how your website adhered to the PCI 6.6 requirement and the 2010 OWASP Top 10.

Click on the links below to see example reports generated when we conducted tests on “Crackmebank”.

Cenzic Cloud HealthCheck Sample Report

Cenzic Cloud Bronze Sample Report

Cenzic Cloud Silver Sample Report

Cenzic Cloud Gold Sample Report

Cenzic Cloud Gold (PCI 6.6) Sample Report

Cenzic Cloud Gold (OWASP Top 10) Sample Report

What if I have additional questions?

If you have any additional product support questions, email them to Cenzic Cloud Support. 



