- Why should I care about website security?
According to the latest Verizon Business Data Breach report, over 90% of websites are vulnerable to attack. That means hackers, who pose as regular users on the Internet, can easily exploit vulnerabilities found in websites. Traditional security products, such as network vulnerability products, desktop security offerings, or intrusion detection devices, won’t protect websites against these attacks.
Websites need a web vulnerability testing product like Cenzic ClickToSecure Cloud (CTSc) to detect vulnerabilities at the web application level – where over 75% of the hacker attacks occur.
- Will I be more secure against hacker attacks after performing a website test?
Not yet. Assessing your website for vulnerabilities / defects is just the first step. To make your website more secure, you need to fix the vulnerabilities the ClickToSecure Cloud service finds. After the insecure code has been fixed, a re-test (free re-tests are included in your monthly purchase) should be performed to ensure the original vulnerabilities were fixed correctly. This continuous testing process is needed in order to stay ahead of hacker attacks.
- Who can fix my website security flaws?
Cenzic partners with top remediation security experts who can help you fix your website vulnerabilities. To contact one in your area of the world, email our Business Development team: BusinessDevelopment@cenzic.com
- Does this ClickToSecure Cloud service perform network scans?
No. Cenzic ClickToSecure Cloud only tests for vulnerabilities / defects in web applications, where 75% of hacker attacks occur.
- What if I’d like a more thorough test of my website?
If you’d like a more comprehensive test of your website that contains over 100 test categories (compared to just 24 in the Gold service offering), then you can purchase Cenzic software (Cenzic Hailstorm) or managed service offerings (ClickToSecure Managed). Send an email to Support_ctscloud@cenzic.com with “Need More Thorough Testing of My Website” in the email title.
- How many pages does your Cenzic ClickToSecure Cloud service test on my website? Is there a page number limit?
Yes, we have a page limit when testing websites for vulnerabilities. The more extensive the service, the more pages it tests. See table below.
| Name of Website Test Service | Number of pages we test |
| --- | --- |
| HealthCheck | 100 |
| Bronze | 200 |
| Silver | 300 |
| Gold | 500 |
- How intrusive are the website tests? Will they bring down my website?
The tests are slightly intrusive. In searching for these vulnerabilities, the Cenzic ClickToSecure Cloud service will crawl your website and inject strings in form fields. Injections can be risky because, at the time of injection, our technology has no way of understanding how your web server will respond. However, our customers test thousands of websites each year using these tests and rarely experience operational issues.
We suggest you run the website test(s) during the least busy time of your website (usually the weekend starting on Friday night). This will give your company time to respond to any issues you may experience when testing for vulnerabilities on a live website. The rare cases of clients experiencing operational issues usually take the form of mass emails being sent to your system. This rarely affects business, but customers usually like to be warned that such activity may occur.
- Do you run tests on live websites?
Yes. If you input a website that is a live web application, then it will be tested for all the vulnerabilities contained in your purchased service offering. As answered in the question above, there is very little risk that your website will be compromised due to the service.
- Do you test for the OWASP Top 10 and PCI 6.6?
Yes. If you purchase the Gold service offering, it will run tests for adherence to PCI 6.6 and the 2010 OWASP Top 10.
- What do Cenzic ClickToSecure Cloud service results look like?
All service offering results come in a detailed PDF format that you download and save directly from your CTSc portal. The reports (assessment report with remediation) contain a vulnerability summary complete with easy-to-read severity charts, a listing of the detected security vulnerabilities, and directions on how to fix them. If you’ve purchased a Gold service offering (assessment report with remediation and PCI 6.6 compliance report with remediation), then you get additional information on how your website adhered to the PCI 6.6 requirement and the 2010 OWASP Top 10.
Click on each of the URLs below to see example reports generated when we conducted tests on the website, Crackmebank:
- HealthCheck: CTSc sample report
/downloads/CTSc_SampleReport_HealthCheck.pdf
- Bronze: CTSc sample report
/downloads/CTSc_SampleReport_Bronze.pdf
- Silver: CTSc sample report
/downloads/CTSc_SampleReport_Silver.pdf
- Gold: CTSc sample report
/downloads/CTSc_SampleReport_Gold.pdf
- Gold (PCI 6.6): CTSc sample report
/downloads/CTSc_SampleReport_Gold-PCI66.pdf
- Gold (OWASP Top 10): CTSc sample report
/downloads/CTSc_SampleReport_Gold-OWASP
- What if I have additional questions?
If you have any additional product support questions, email them to Support_ctscloud@cenzic.com