
Press Releases by JavaScriptSearch

Cenzic Further Strengthens Its Security Assessment Solutions by Extending Support for AJAX Applications

Automated Application Vulnerability Testing Enables Companies to Securely Leverage Web 2.0 as an Evolving Business Platform

May 22, 2006; 05:30 AM
Cenzic, Inc. announced that its industry-leading automated vulnerability assessment solutions now offer full support for testing Web applications built using AJAX (Asynchronous JavaScript and XML) software development technology. Available immediately, AJAX support in Cenzic® Hailstorm® and ClickToSecure™ enables customers to take advantage of this emerging application development technique to develop smoother, more responsive and intuitive applications without the associated vulnerabilities which have left AJAX-based applications increasingly susceptible to security threats.

Historically, the same simplicity that enabled the Web's growth as a communications medium also created a gap between the experience it provides and the experience users expect from desktop applications. AJAX has rapidly emerged as a prominent enabling technology in the movement to improve the Web as a platform for business and consumer applications. Using AJAX, web-based applications can be developed with the same power and efficiency as desktop applications, providing software developers a wide open platform for creating innovative new programs that do not rely on computer operating systems.

As a method of programming which combines several different tools -- including JavaScript, dynamic HTML (DHTML), Extensible Markup Language (XML), and others -- AJAX builds interactive applications for the Web which process user requests immediately. Web pages are more readily responsive by exchanging small amounts of data with an intermediary -- an AJAX engine -- located between the user and the server, rather than the entire Web page reloading each time a user makes a change. An AJAX application eliminates the start-stop-start-stop nature of the Web, thus increasing the speed and user-interactivity of web pages and web-enabled services.

"AJAX creates rich internet applications that can be leveraged for tasks across the board, such as updating and deleting records or returning simple search queries. This notion of the Web as a software platform provides an inviting, seemingly limitless medium which is already being leveraged by industry leaders such as Google and Microsoft," said Mandeep Khera, vice president of marketing for Cenzic. "However, AJAX-style applications present new Web application security challenges which are often not initially visible to application developers. We have always taken pride in responding to our customers' needs, and as some of these customers have started developing their applications using the AJAX platform, they want to ensure that the applications are secure. Cenzic solutions now provide for the automated and efficient testing for these applications."

Tied to the new opportunities presented by AJAX and related Web 2.0 development tools are an accompanying number of new security holes. By enabling more interactive Web pages that are interoperable with Web services, AJAX immediately increases the amount of XML, text or HTML network traffic and therefore exposes applications to Web services vulnerabilities. The complexities inherent to AJAX development leave the door open for malicious clients to send corrupted data, expose back-end applications that were not previously vulnerable, and allow unauthenticated users to quickly elevate their privileges in the absence of server-side protection.

"The open, malleable nature of Web 2.0 establishes a relatively easy target for malicious behavior to compromise applications and overall network security," said Khera. "However, AJAX is here to stay, being touted as the technology to deliver a richer user experience with the potential to form the future of Web application technology. By making the powerful functionalities of Hailstorm applicable to Web 2.0, we allow people to continue to leverage this flexible medium for the delivery of Web application content in a more secure, authenticated manner."

Cenzic is the only company in the industry to have both a state-of-the-art software solution, Cenzic® Hailstorm®, and a managed service, ClickToSecure™, allowing enterprises the flexibility to use either solution or both based on their needs. These offerings help companies protect their web-based applications from potential security threats by emulating the way real hackers work in order to test applications for security vulnerabilities and compliance issues. Using a Stateful Assessment™ approach, Cenzic provides companies with highly accurate results without the "false positives" often associated with the first-generation application scanners, as well as tests for session management, application logic issues, and policy compliance for internal policies and regulatory standards.

About Cenzic

Cenzic is a leading provider of the next-generation enterprise software and a leading Managed Service offering for automated application security assessment and compliance that allows Fortune 1000 corporations, mid-sized corporations, and government organizations to dramatically improve the security of web applications throughout the software development lifecycle (SDLC). Cenzic® Hailstorm®, the most accurate and extensible product in the industry, enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities. Hailstorm benefits include reduced security risk and liability, lower development and testing costs, and faster time-to-market. Cenzic ClickToSecure™ service is one of the industry's first Software as a Service (SaaS) to combine the power of an enterprise-class application security assessment product with the flexibility of a managed security service. Cenzic Assessment Methodology completes the solution with a state-of-the-art business process consulting service to help customers improve their application security methodologies. Cenzic solutions are the most accurate, comprehensive, and extensible in the industry. Cenzic's current focus includes financial services, e-retail, healthcare, and government sectors. For more information, visit www.cenzic.com.


