Cenzic is betting its two new products, announced today, will be "eye opening" for small enterprises that haven't...
yet addressed Web application security.
The two products, Hailstorm Core and Hailstorm Starter, are intended to offer an easy, low-cost or no-cost introduction to application security, and they extend the reach of Cenzic's application security assessment and compliance solutions to smaller shops by targeting the most common vulnerabilities.
Hailstorm Starter assesses small Web sites for cross-site scripting (CSS) vulnerabilities and is available to download for free. Hailstorm Core assesses Web sites for CSS as well as SQL disclosure, SQL error, Web server version and buffer overflow. It is available for download for $1,500.
According to Mandeep Khera, vice president of marketing at Cenzic Inc. in Santa Clara, Calif., this move by the company gives small enterprises a risk-free option to download and test the security products. "I think it will open a lot of people's eyes," he said.
"We're finding 95% or more of companies doing business online have no clue what application security means," he said. "A lot of them think it means SSL."
While large organizations such as financial services companies understand the risk and have put solutions in place, he said, "everyone else -- from midsize companies down -- have limited visibility to application security. They don't understand the issues. Obviously, we're not planning a lot of revenue from either product. The idea is to get it in their hands -- it's awareness building."
Khera said a lot of the mom and pop shops doing business online rely on their ISPs for security, "and the ISPs are not doing anything about application security either. And the mom and pop shops don't know issues or have the time [to address security], so they don't put the pressure on the ISPs," he said.
Although Khera said he has seen a lot of improvement in application security awareness over the last year, "it's still not enough. We were starting with a low base last year, but especially over the last three to six months we've seen a tremendous awareness. All signs are that people are finally getting it, but I still believe it's a small percentage of the total population. It's still the tip of the iceberg."
Dig Deeper on Software Security Test Best Practices