Cenzic Hailstorm 2.0 automates security testing for Web apps
Wouldn’t it be nice if you could find and correct vulnerabilities in your Web applications before a hacker did? You can with Cenzic Hailstorm 2.0. An automated application security assessment tool, Hailstorm allows security managers, code developers, and departmental managers to create and run tests of application logic and security checks specific to their job functions, helping to ensure coding best practices and even regulatory compliance. Its clean and intuitive user interface allowed me to create and run a test job against a sample Web application in my lab in less than 10 minutes.
Test creation involves capturing a Web application into a structure called a Traversal and then defining a job to run against the Traversal. The job consists of the specific policies to test against the application, such as cross-site scripting, buffer overflow, and SQL attacks. Hailstorm comes with a great set of predefined policies, and it allowed me to edit existing policies and create new policies to meet my specific test requirements. When vulnerabilities are found, Hailstorm provides remediation information to help locate and correct the problem.
One of Hailstorm’s most impressive features is the reporting system. When a job completes, a wealth of information is presented to the job owner. You can drill down on a vulnerability to see the exact HTTP request and response from the Web server as well as the URL that generated the error. Hailstorm uses Crystal Reports to generate interactive charts. These allowed me to drill down into a vulnerability to view the specifics of the problem -- great for managers who must know just the results of tests. Hailstorm is a powerful new tool that proactively protects Web applications.
Cenzic Hailstorm 2.0
Cost: Subscription pricing starts at $35,000 per application per year for one application
This weekend's Windows 10 upgrade has users angry, and it's unclear if the ploy will continue
Here’s the best of the best for Windows 10. Sometimes good things come in free packages
Speaking at the O'Reilly Fluent conference, Eich also endorsed the Service Workers mobile app...
The new upgrade introduces small improvements across the board, but nothing to sway Windows 7 stalwarts...
These tiny Windows systems can be hidden away yet offer complete computing power
After long suffering from stagnant development, the IronPython project for running Python on .Net is...
Windows 7 and 8.1 customers have another new version of GWX, now with a countdown clock