Solutions for Users
See how Cenzic benefits you in your company role

For Software Development Professionals
Software development professionals are busy—very busy. With the pressure of delivering applications on time, there is not enough time to test for security vulnerabilities manually or with ineffective tools that produce too many false positives. With the ever-expanding exploitation of web application security vulnerabilities, your application development challenges are poised to expand.
Fortunately, Cenzic Hailstorm is here to help. From its inception, Hailstorm has been designed as an enterprise solution with the application developer in mind. With Hailstorm®, you do not need to be an expert in security in order to test your application for security worthiness. Hailstorm plugs into your development process and enables you to test your applications before they go to QA and InfoSec for testing and assessment. This adds up to a greatly reduced possibility of your application getting delayed by security vulnerabilities.
For the Quality Assurance Professional
Cenzic Hailstorm is the first security solution designed with the QA professional in mind as one of the principal users. Hailstorm® separates the task of setting up for security testing from the actual running of security tests. This allows QA professionals to focus on the difficult task of running high-volume testing while incorporating assistance from InfoSec experts who provide security expertise.
Security experts draw on Cenzic's powerful fault-injection technology and policy modeling to stress-test specific areas of a web application or to run broad policy-compliance tests across an entire application. These policies can then be used to test the target applications by QA professionals early on in the software development process.
After developers have finished coding applications, quality assurance professionals prepare them for the real world. Quality Assurance has always tested for functionality and performance in enterprise-level applications. Now Hailstorm enables Quality Assurance to test for the critical third element: security. By employing Cenzic's integration with Mercury Interactive and other leading QA tools, QA groups can now test for security from a common interface and leverage their existing test scripts.
Once Quality Assurance has tested the web applications and certified them to be free of security vulnerabilities, they are deployed into production. At that point, the applications become the responsibility of the company's security professional and security auditors, who test the applications on a continuous basis for new vulnerabilities.
For the Information Security Professionals
Cenzic Hailstorm provides a rich and robust set of security vulnerability assessments and policy compliance assessment capabilities right out of the box. Information security professionals know that such pre-crafted security assessments are an important starting point in the complete application assessment process.
Hailstorm® provides a development environment for applications security architects to build policies that define how applications are to be tested. These policies draw on Cenzic's powerful fault-injection technology and policy modeling to stress-test specific areas of a web application or to run broad policy-compliance tests across an entire application.
But any enterprise-caliber product must go well beyond merely pre-crafted assessments. Every enterprise demands a high level of configurability and extensibility in its security solutions. As such, Hailstorm includes robust vulnerability and policy modeling functionality that allows security experts to leverage Hailstorm in specific enterprise settings and against applications with specific security requirements.
From the ground up, Hailstorm has been designed to help you automate the incredibly challenging task of conducting security assessments.
For Management
Managing the security of a large portfolio of in-house applications is an ever-growing challenge. With a multitude of development, QA, and information security professionals working together to secure your applications, how can you keep track? With the ever-expanding need to assess more applications, how will you keep assessment costs under control and stay within budget?
Cenzic Hailstorm has been architected to address security issues throughout the complete software development life cycle (SDLC). It provides a development environment for application security architects to build policies that define how applications are to be tested. These policies can then be used to test the target applications by developers or QA engineers early on in the software development process, or by the Information Security group after the application has been put into production. Vulnerabilities found can be patched using Cenzic Hailstorm's remediation links and then fed back into the development process for a closed-loop approach. By allowing integration with QA tools, existing processes established as part of performance and functional testing can be leveraged to perform security testing.
Among its other compelling features, Hailstorm® provides rich management reporting and an executive dashboard. Want to know how many security vulnerabilities have been discovered in the new application that QA just received? How does it compare with last month's release? What are the trends over time for each group? These questions and more are easy to answer with Cenzic Hailstorm.