Cenzic Hailstorm 2.0 automates security testing for Web apps
Wouldn’t it be nice if you could find and correct vulnerabilities in your Web applications before a hacker did? You can with Cenzic Hailstorm 2.0. An automated application security assessment tool, Hailstorm allows security managers, code developers, and departmental managers to create and run tests of application logic and security checks specific to their job functions, helping to ensure coding best practices and even regulatory compliance. Its clean and intuitive user interface allowed me to create and run a test job against a sample Web application in my lab in less than 10 minutes.
Test creation involves capturing a Web application into a structure called a Traversal and then defining a job to run against the Traversal. The job consists of the specific policies to test against the application, such as cross-site scripting, buffer overflow, and SQL attacks. Hailstorm comes with a great set of predefined policies, and it allowed me to edit existing policies and create new policies to meet my specific test requirements. When vulnerabilities are found, Hailstorm provides remediation information to help locate and correct the problem.
One of Hailstorm’s most impressive features is the reporting system. When a job completes, a wealth of information is presented to the job owner. You can drill down on a vulnerability to see the exact HTTP request and response from the Web server as well as the URL that generated the error. Hailstorm uses Crystal Reports to generate interactive charts. These allowed me to drill down into a vulnerability to view the specifics of the problem -- great for managers who need to know just the results of tests. Hailstorm is a powerful new tool that proactively protects Web applications.
Cenzic Hailstorm 2.0
Cost: Subscription pricing starts at $35,000 per application per year for one application