Storming the application gates
Cenzic Hailstorm 2.0 automates security testing for Web apps
Wouldn’t it be nice if you could find and correct vulnerabilities in your Web applications before a hacker did? You can with Cenzic Hailstorm 2.0. An automated application security assessment tool, Hailstorm allows security managers, code developers, and departmental managers to create and run tests of application logic and security checks specific to their job functions, helping to ensure coding best practices and even regulatory compliance. Its clean and intuitive user interface allowed me to create and run a test job against a sample Web application in my lab in less than 10 minutes.
Test creation involves capturing a Web application into a structure called a Traversal and then defining a job to run against the Traversal. The job consists of the specific policies to test against the application, such as cross-site scripting, buffer overflow, and SQL attacks. Hailstorm comes with a great set of predefined policies, and it allowed me to edit existing policies and create new policies to meet my specific test requirements. When vulnerabilities are found, Hailstorm provides remediation information to help locate and correct the problem.
One of Hailstorm’s most impressive features is the reporting system. When a job completes, a wealth of information is presented to the job owner. You can drill down on a vulnerability to see the exact HTTP request and response from the Web server as well as the URL that generated the error. Hailstorm uses Crystal Reports to generate interactive charts. These allowed me to drill down into a vulnerability to view the specifics of the problem -- great for managers who must know just the results of tests. Hailstorm is a powerful new tool that proactively protects Web applications.
Cenzic Hailstorm 2.0
Cost: Subscription pricing starts at $35,000 per application per year for one application