Stateful Assessment
Cenzic’s technology goes beyond a signature-based approach by emulating a true hacker with Stateful Assessment, which maintains the state of the application while attacking it at the browser level. By using Mozilla to attack Web applications at the browser level, Cenzic finds all critical vulnerabilities, including application logic tests such as session hijacking, strong passwords, and privacy policy validation, as well as all the core vulnerabilities like XSS, Buffer Overflow, SQL Disclosure, and others. And only Cenzic can test for vulnerabilities across all types of applications, including commercial and proprietary applications, Web infrastructure, and all stages of a Web application.
This non-signature based approach has made Cenzic solutions the most accurate in the industry, yielding few false positives and finding more “real” vulnerabilities.
Differences between signature-based and Stateful Assessment based technology
