HARM Score
Cenzic Hailstorm Product Line
Your HARM score could be very good (under 500) or very bad (over 40,000); you won’t know until an automated assessment of your application’s vulnerabilities has been run. Cenzic is the only application security company that can provide you with its first-of-its-kind HARM score. It quickly tells you a lot about your application’s security risk.
Get your HARM score by requesting it through the form described below.
Example Hailstorm Enterprise ARC report utilizing HARM® score
Example of Hailstorm Enterprise ARC Intelligent dashboard
What exactly is a HARM score?
HARM is a quantitative risk metric that automatically scores the vulnerability risk in your web applications. The HARM score helps you better understand your application’s risks, measure progress toward security goals such as protecting your brand or becoming compliant with regulations, and gives you a measurement of your security baseline. For a given application, the HARM score is calculated by a series of formulas that determine how the vulnerabilities detected by a potential attack are weighted. HARM stands for Hailstorm Application Risk Metric.
What do you do with a HARM Score?
Once you have it, you can deal with the biggest holes in your applications first: the ones most exposed to attackers.
HARM automatically tells you which vulnerabilities are the most important and where they are, so you can address those vulnerabilities directly. After you’ve closed the holes in your application, you can re-run the automated process to get a new HARM score and see how much you’ve lowered the risk in your application.
What is a good or bad HARM score?
Different applications have different baseline HARM scores. Some highly vulnerable applications exhibit scores greater than 50,000, while an extremely secure web application with few vulnerabilities may score less than 500.
What exactly does the HARM score measure?
Your HARM base score sums both your application’s total vulnerability profile and the vulnerabilities detected by a particular SmartAttack in each application, considering the following four areas:
- Application
- Session
- Browser
- Environment
A complexity factor is then applied to reflect the means by which the vulnerability may be exploited. For instance, simple attacks, such as those performed directly in a browser or automated with publicly available tools, are considered higher risk than attacks that require custom-coded scripts.
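The page does not publish Cenzic’s actual HARM formulas, so the following is an added illustration (not Cenzic’s code) of the structure just described: each finding is weighted by the area it falls in (Application, Session, Browser, Environment) and scaled by a complexity factor that rates browser-only or public-tool exploitation as higher risk than custom-script exploitation, then the per-finding scores are summed into a base score. The area weights, complexity factors, severity scale and the sample findings are all constructed assumptions for illustration; only the four areas and the complexity idea come from the page. It also shows the re-scoring step after remediation.

```python
from dataclasses import dataclass
from enum import Enum


class Area(Enum):
    # The four areas named on the page.
    APPLICATION = "application"
    SESSION = "session"
    BROWSER = "browser"
    ENVIRONMENT = "environment"


class Complexity(Enum):
    # How the vulnerability can be exploited; simpler means higher risk.
    BROWSER_ONLY = "browser_only"      # exploitable by hand in a browser
    PUBLIC_TOOL = "public_tool"        # automated with a publicly available tool
    CUSTOM_SCRIPT = "custom_script"    # needs custom-coded scripting


# Hypothetical area weights (assumption; not Cenzic's values).
AREA_WEIGHT = {
    Area.APPLICATION: 100,
    Area.SESSION: 80,
    Area.BROWSER: 60,
    Area.ENVIRONMENT: 40,
}

# Hypothetical complexity factors in tenths (assumption): 10 = full weight,
# 4 = 40 % weight. Integers avoid floating-point rounding in the score.
COMPLEXITY_TENTHS = {
    Complexity.BROWSER_ONLY: 10,
    Complexity.PUBLIC_TOOL: 8,
    Complexity.CUSTOM_SCRIPT: 4,
}


@dataclass(frozen=True)
class Finding:
    name: str
    area: Area
    severity: int          # assumed 1..10 scale
    complexity: Complexity


def finding_score(f: Finding) -> int:
    """Weighted score for one finding: severity x area weight x complexity factor."""
    if not 1 <= f.severity <= 10:
        raise ValueError(f"severity out of range: {f.severity}")
    return f.severity * AREA_WEIGHT[f.area] * COMPLEXITY_TENTHS[f.complexity] // 10


def risk_score(findings) -> int:
    """Base score: the sum over all findings (the 'total vulnerability profile')."""
    return sum(finding_score(f) for f in findings)


def breakdown_by_area(findings) -> dict:
    """Per-area subtotal, useful for seeing where the risk concentrates."""
    totals = {area: 0 for area in Area}
    for f in findings:
        totals[f.area] += finding_score(f)
    return totals


def prioritize(findings) -> list:
    """Findings ordered by contribution to the score, highest first."""
    return sorted(findings, key=finding_score, reverse=True)


def rescore_after_fix(findings, fixed_names) -> int:
    """Re-run the scoring with the remediated findings removed."""
    return risk_score(f for f in findings if f.name not in set(fixed_names))


# Constructed sample findings for a fictional application.
SAMPLE_FINDINGS = [
    Finding("SQL injection in login form", Area.APPLICATION, 9, Complexity.PUBLIC_TOOL),
    Finding("Session cookie missing Secure flag", Area.SESSION, 5, Complexity.BROWSER_ONLY),
    Finding("Reflected XSS in search", Area.BROWSER, 7, Complexity.BROWSER_ONLY),
    Finding("Verbose server banner", Area.ENVIRONMENT, 3, Complexity.PUBLIC_TOOL),
    Finding("Race condition in checkout", Area.APPLICATION, 8, Complexity.CUSTOM_SCRIPT),
]

if __name__ == "__main__":
    print("base score:", risk_score(SAMPLE_FINDINGS))
    for area, total in breakdown_by_area(SAMPLE_FINDINGS).items():
        print(f"  {area.value:12s} {total}")
    print("fix first:", prioritize(SAMPLE_FINDINGS)[0].name)
    fixed = ["SQL injection in login form", "Reflected XSS in search"]
    print("after fixing the top two:", rescore_after_fix(SAMPLE_FINDINGS, fixed))
```

The design choice worth noting is that the complexity factor is applied per finding before summation, so a severe bug that needs custom tooling still counts but cannot dominate the score the way a browser-exploitable one does; the per-area breakdown then answers the "where are the holes" question the page raises.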
What’s a SmartAttack®?
SmartAttacks are automated attacks that simulate an attacker trying to compromise or cripple your application. They’re called “Smart” because their objective is to find vulnerabilities rather than to actually compromise your application.
Each SmartAttack checks for a specific kind of application vulnerability using specialized logic, which improves accuracy and reduces erroneous results. Cenzic is the only application security company whose SmartAttacks use a non-signature approach. The HARM system, unique to Cenzic, is integrated with SmartAttacks, so vulnerability metrics can be calculated from very specific vulnerability conditions.
How do I get a HARM Score?
Call 1-866-4-CENZIC (1-866-423-6942), Int’l 1-408-200-0700
or fill out our request form for our FREE Click-to-Secure service to get your HARM score. Simply put “I want my HARM score” in the subject box.