Cenzic, Borland Team Up on Secure Application Development

The partnership aims to help enterprises to assess the vulnerabilities of apps before products hit the market.

Security solution provider Cenzic has integrated its Hailstorm software into the newly available Borland Gauntlet—a move that seeks to help IT organizations to proactively uncover security vulnerabilities and enforce security policies throughout the software delivery life cycle.

Starting Jan. 29, customers who download Borland Gauntlet will also be able to download a trial version of Cenzic Hailstorm.

When developers check in code, Cenzic can automatically test it for weaknesses and report security issues through the Gauntlet dashboard. Through Hailstorm, developers can receive an automated security assessment of Web-based applications to help find and fix vulnerabilities.

"We think security defects are even more costly if you wait…because they can get hacked," said Mandeep Khera, vice president of marketing at Cenzic.

Integrating the two products is just the next step for Cenzic, Khera said. Late in 2006, the company released products to test and monitor Web applications for vulnerabilities such as SQL Disclosure, SQL Error, cross-site scripting and buffer overflow.


Through the partnership with Borland, users can now combat viruses in the development phase with continuous security assessments and compliance testing throughout the software development life cycle.

Protecting Web applications has become a major area of concern for businesses of all sizes of late, as the number of threats against applications increases.

According to the Symantec Internet Security Threat Report released in September, vulnerabilities affecting Web applications accounted for 69 percent of all vulnerabilities documented by Symantec in the first half of 2006.

"It's kind of a two-pronged approach," Khera said.

"It is imperative that development organizations take steps to validate security throughout the software development life cycle to ensure applications not only perform well, but are secure," said Joseph Feiman, VP and Research Fellow at Gartner, in a statement. "The integration of Web application security vulnerability scanners with application life cycle management tools will force companies to be proactive about application security issues."

Robert Cheng of Borland said he is pleased to be working with Cenzic, and that the alliance will add to the value of Gauntlet.

"The integration of Cenzic Hailstorm with Borland Gauntlet will assist customers in identifying and resolving security vulnerabilities earlier in the delivery life cycle so their impact can be minimized," said Cheng, director of Developer Solutions, in a statement.
