Article

Web application security for small businesses

Colleen Frye

Cenzic is betting its two new products, announced today, will be "eye opening" for small enterprises that haven't yet addressed Web application security.

The two products, Hailstorm Core and Hailstorm Starter, are intended to offer an easy, low-cost or no-cost introduction to application security, and they extend the reach of Cenzic's application security assessment and compliance solutions to smaller shops by targeting the most common vulnerabilities.

    Requires Free Membership to View

Obviously, we're not planning a lot of revenue from either product. The idea is to get [application security tools] in their hands. It's awareness building.
Mandeep Khera
Vice president of marketingCenzic Inc.

Hailstorm Starter assesses small Web sites for cross-site scripting (CSS) vulnerabilities and is available to download for free. Hailstorm Core assesses Web sites for CSS as well as SQL disclosure, SQL error, Web server version and buffer overflow. It is available for download for $1,500.

According to Mandeep Khera, vice president of marketing at Cenzic Inc. in Santa Clara, Calif., this move by the company gives small enterprises a risk-free option to download and test the security products. "I think it will open a lot of people's eyes," he said.

"We're finding 95% or more of companies doing business online have no clue what application security means," he said. "A lot of them think it means SSL."

While large organizations such as financial services companies understand the risk and have put solutions in place, he said, "everyone else -- from midsize companies down -- have limited visibility to application security. They don't understand the issues. Obviously, we're not planning a lot of revenue from either product. The idea is to get it in their hands -- it's awareness building."

Khera said a lot of the mom and pop shops doing business online rely on their ISPs for security, "and the ISPs are not doing anything about application security either. And the mom and pop shops don't know issues or have the time [to address security], so they don't put the pressure on the ISPs," he said.

Although Khera said he has seen a lot of improvement in application security awareness over the last year, "it's still not enough. We were starting with a low base last year, but especially over the last three to six months we've seen a tremendous awareness. All signs are that people are finally getting it, but I still believe it's a small percentage of the total population. It's still the tip of the iceberg."


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: