Cenzic aims to make vulnerability testing easier

Opinion
Nov 30, 2005 | 2 mins
Enterprise Applications

* Tackling Web apps vulnerabilities

If you are developing Web applications, there are a number of issues that should always be on your mind. These include performance, error handling and bugs. But as worrisome as these things are, there’s something else that should keep you awake at night: Web application vulnerabilities.

Hopefully, being worried about this issue, you will go out of your way to test for vulnerabilities. But for many developers, the problem with vulnerability testing of Web applications is that it can be extremely time consuming and complicated.

Cenzic aims to alleviate this problem. Its vulnerability test tool, Hailstorm, is an automated penetration testing system that can probe for vulnerabilities and determine regulatory compliance. When problems are found, Hailstorm provides remediation advice.

Hailstorm’s repertory of tests includes Web server version checks for out-of-date configurations, buffer overflow tests, SQL injections and cross-site scripting attacks. These tests are grouped in “policies” that can be edited and scheduled as test templates. Users can use test procedures from the SmartAttack Objects Library as well as create custom SmartAttack Objects to address new vulnerabilities as they arise and to test specific application issues.

Hailstorm can record a tester’s interactive session and then run its tests against the recorded subset of the site. Delta reporting – the ability to report on changes in results between successive tests – makes the QA process much more streamlined.

Hailstorm’s centralized architecture makes it possible for multiple testers to work collaboratively, and the management dashboard – the console that displays results – provides a snapshot view of test results.

Of course, having a tool and using it effectively are two different things, so Cenzic offers consulting services to work with clients on technical staff training and to help develop test procedures. Cenzic can also provide outsourced testing as a service.

Hailstorm is priced starting from $15,000 per application per year.

Mark Gibbs is an author, journalist, and man of mystery. His writing for Network World is widely considered to be vastly underpaid. For more than 30 years, Gibbs has consulted, lectured, and authored numerous articles and books about networking, information technology, and the social and political issues surrounding them. His complete bio can be found at http://gibbs.com/mgbio