Cenzic virtualizes Web apps testing

Web applications security testing specialist Cenzic announced the latest version of its flagship scanning platform on Monday, adding new capabilities for inspecting programs utilizing virtualization technologies made by VMWare.

While leading software development platform makers, including IBM and HP, have invested heavily in acquiring assets from the applications testing tools market over the last year in an effort to force programmers to improve the quality of their work, hundreds of millions of existing Web applications still need to be examined for potential flaws, Cenzic officials maintain.

However, because companies are often resistant to the idea of pointing vulnerability-testing tools at their live applications -- based largely on fears of bringing the programs down or corrupting the data they handle -- many businesses have been reluctant to begin scanning all of their programs for potential flaws.

By linking its Cenzic Hailstorm Enterprise ARC (Application Risk Controller) package with VMware's Lab Manager and Virtual Center technologies, said officials with the apps testing software vendor, the company has been able to blend its security skills with widely-distributed virtualization tools being used by many large businesses today, and therein lower the impact of the vulnerability-scouring process.

The ability to use the virtualized environments provided by the Lab Manager and Virtual Center products to test exact copies of their applications without putting their real operations or data at risk should spur even greater interest in adopting applications scanning tools altogether, Cenzic executives contend.

"We think that offering the ability for companies to test their production applications in a virtual staging environment, where they aren't exposed the same risks of slowing operations or corrupting data, will be a big deal," said John Weinschenk, chief executive of Cenzic.

"The reason some people have avoided this level of testing is because they are too worried about disrupting their business, but the truth is these are the real applications that have the data they want to protect and that are being attacked on a daily basis" he said. "They've been searching for something that can protect uptime while searching for problems, and virtualization is the key to all of that."

In addition to giving companies more flexibility for initially testing their applications for security flaws, the executive maintains that the new Hailstorm-VMWare features will also make it more palatable for organizations to engage in "continuous testing" to stay abreast of any new defects they may discover in their applications over time.

Weinschenk said that most large businesses are already using virtualization tools with a vast majority of Fortune 100 companies investing specifically in VMWare's products.

Many of those companies are actively looking for additional areas where they can bring the tools to bear on their IT operations, he said, and the CEO contends that applications security testing will be received as an attractive opportunity to embrace virtualization even further.

Expanding the horizons of virtualization

Describing VMware's products as a "gaming console" and Cenzic's new tools as the "next big game," the executive said that once IT leaders realize that they can use the platforms together to more safely search their production apps for problems, he believes it will prove a significant boon to his company's prospects.