Cenzic Intelligent Analysis
Dynamic Application Security Testing (DAST) Research
Cenzic has dedicated experts whose sole job is to perform ongoing research to find not only common vulnerabilities but also new or undisclosed vulnerabilities in custom, commercial and open-source applications. The Cenzic Intelligent Analysis (CIA) team specializes in continuous research into Cloud, Mobile and Web application vulnerabilities.
The CIA team monitors the latest vulnerabilities and trends affecting application security by keeping watch over Internet newsgroups, forums, mailing lists and websites where vulnerability information is released. The CIA team also researches and maintains Cenzic’s SmartAttack library, which encapsulates best practices to test application attack resistance and validate conformance with regulatory and internal security requirements.
The Shortcomings of Manual Penetration Testing
Manual penetration testing (pen testing) has merit, but is not a replacement for rigorous, repeatable and continuous security testing. The problem with manual pen testing is that the results are a one-dimensional, single-instance view of potential vulnerabilities. The quality of your results from manual pen testing is highly dependent on the tester's skill, methodology, frequency of tests and the environment (sandbox or production) used for testing.
What does a lack of results from a manual pen test mean? Perhaps there are no vulnerabilities. It's also possible that the tester's skill and rigor were light on that day. You simply can't know, and a false sense of security is hardly appropriate for critical apps and data.
The Advantage of Working With Cenzic
Cenzic Hailstorm excels where manual penetration testing falls short. Whether running Cenzic Enterprise, Cenzic Managed Cloud, Cenzic Cloud, or any other Cenzic product, scans are comprehensive, rigorous and up-to-date. False positives and negatives are minimized through Cenzic's Stateful Assessment capability. Ongoing research and frequent updates reduce the risks from emerging threats. And results are fully documented and accessible at any time.