With Web applications increasingly under attack by hackers, Cenzic is providing small and midsized businesses a way to fight back in the form of two new products unveiled Dec. 4.
Hailstorm Starter and Hailstorm Core are designed to deliver security assessment solutions for small businesses, and both products can be downloaded from the companys Web site.
Their release, coupled with the recent introduction of Hailstorm Enterprise ARC for larger businesses, allows Cenzic to offer a complete suite for enterprises of all sizes.
Mandeep Khera, Cenzics vice president of marketing, said the vast majority of businesses that do e-commerce are not doing much in the area of Web application security.
"Thats alarming," he said. "A lot of companies out there have no idea what application security means."
Increasingly though, protecting Web applications has become a major area of concern for businesses of all sizes. According to the Symantec Internet Security Threat Report released in September, vulnerabilities affecting Web applications accounted for 69 percent of all vulnerabilities documented by Symantec in the first half of 2006.
As an answer, Cenzic offers Hailstorm Starter and Hailstorm Core. Hailstorm Starter supports instant, interactive assessments for small Web sites, including a SmartAttack to reveal any cross-site scripting vulnerabilities, company officials said.
Hailstorm Core meanwhile tests and monitors applications for vulnerabilities such as SQL Disclosure, SQL Error, cross-site scripting and buffer overflow.
It also allows users to build security into Web applications as they are being developed.
Hailstorm Starter is free and is being offered as a teaser product to introduce users to Cenzic, Khera said. Hailstorm Core is available for purchase, he added.
Cenzics Hailstorm software solutions and ClickToSecure offerings use a stateful assessment approach that emulates a hacker, unlike other products that use a signature-based scanning approach, Cenzic officials said.
"Cenzic works with companies of all sizes through its software offerings, managed service and CIA Lab that specializes in continuous research into application vulnerabilities," said John Weinschenk, CEO and president of Cenzic, in a prepared statement.
"Through our work with thousands of customers, we realized that all applications need to be protected. However, the level of sophistication required in an assessment tool varied depending on the number and size of applications delivered by a given company."
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.