Hailstorm Support FAQs

System Software Requirements

One of the following operating systems:

Hardware

Licenses are distributed through digital license keys. Upon purchase of the product you should have received instructions on how to generate a request for a license. The product will not work without this license key. Contact technical support if you have not received a key or if you are unable to generate a license key request through the product.

Cenzic Hailstorm provides a range of options to help manage risk in testing your environment, whether the target system is a production system or a test system. You can choose to traverse your application without executing any tests. This will allow you to understand key elements of your target site and get an idea of the scope of work. In selecting policies to run against your target site, you can choose both observer and intrusive policy tests. Intrusive policy tests are designed to push your target system to failure. You always have control over which policies you wish to run.

Cenzic provides both APIs (Application Programming Interface) and CLIs (Command Line Interface) to help you integrate and leverage the product features. APIs can be used to create complex, highly customized applications. CLIs are used to schedule jobs, modify parameters dynamically, and other tasks. Your product documentation contains further information on how to use the APIs and CLIs. Cenzic also provides professional services to help you customize and develop specific features beyond the base product.

To provide maximum flexibility, Cenzic Hailstorm provides you the capability of printing, saving, and exporting reports into many different formats. Some of these formats include PDF, Word, Text, XML, and others. If you have a format that is not included in the supported list found in your documentation, we suggest you use Text or XML and customize the data per your needs.

Good IT and testing practices require testing against test systems or scheduling tests on production systems for off-peak, maintenance slots. Cenzic Hailstorm gives you control over how and when to execute jobs. This schedule capability allows you to either break up your job into smaller pieces to fit within a particular maintenance window; or allows you to run intrusive/unsafe policies when you are able to restore the target server if it fails during testing.

One unique feature of Cenzic Hailstorm is the ability to create a series of value for input during a test. This value series is called a dataset. Datasets can consists of N number of values of any type and can be used in policies ranging from "good password" policies (to check for trivial passwords) to "buffer overflow" policies (that push data of varying lengths to the server until it fails to respond).

Yes, by using a protective feature called Black Lists. Black Lists contain values, using standard regular expressions that indicate to the spider pages it should not scan, regardless of how your application may be designed. Conversely, a White List allows you to indicate to Cenzic Hailstorm which sites must be part of the test process and not skipped.

A policy is the specific rule or guideline against which a target can be tested or observed. Policies can contain various parameters and other characteristics to provide maximum extensibility. Policies can be used to test for vulnerabilities, to enforce internal security policies, or to test for application logic. The SmartAttack Library™ contains all of the policies generated either by Cenzic's CIA Research Team or by your organization for specific, custom applications. Policies can be broad enough to discover multiple types of vulnerabilities, eliminating the need for daily updates and patches.

Cenzic confirms that we will support customers running Cenzic applications on supported Operating Systems in a VMware virtual machine environment.  Cenzic provides support for Cenzic Hailstorm Enterprise ARC and Cenzic Hailstorm Professional running in a VMware virtual environment in an identical manner as with Cenzic Hailstorm Enterprise ARC and Cenzic Hailstorm Professional running on any other major x86 based systems without initially requiring reproduction of issues on native hardware. Should Cenzic suspect that the virtualization layer is the root cause of an incident; the customer will be required to contact the appropriate VMware support provider to resolve the VMware issue. While Cenzic's products are expected to function properly in a VMware virtual environment, not all usage cases can be foreseen, some of which might present performance implications.