Cenzic Web application security tool targets CSRF attacks

SearchSoftwareQuality.com Staff

Cenzic, a provider of Web application security vulnerability assessment and risk management solutions, Monday announced release 5.7 of Cenzic Hailstorm Enterprise ARC (Application Risk Controller) and Cenzic Hailstorm Professional.

Several new enhancements are available in Hailstorm 5.7, including much stronger Web services support, PCI compliance reporting, a new user interface for the ARC Desktop Client, and several usability and workflow improvements for the ARC dashboard.

In addition, Cenzic has introduced five new significant SmartAttacks into the product suite:

  • Cross-site request forgery (CSRF) -- This SmartAttack can find and protect against vulnerabilities that cause unauthorized commands to be transmitted by a user unknowingly. CSRF is an attack vector that enables an attacker to send arbitrary HTTP or HTTPS requests from a victim user. This attack exploits the trust that a site has for a particular user.

  • Ineffective session termination -- If a user session is not properly terminated, this SmartAttack can discover vulnerabilities that permit unauthorized access to that session.

  • Session ID identification -- Determines the exact parameter(s) used by the application to hold the session ID(s).

  • Application path disclosure -- Reports each page where malicious input can lead to an internal application error revealing specific path information.

  • Platform path disclosure -- This SmartAttack reports each page with path disclosure vulnerabilities.

Hailstorm 5.7 meets the June 30, 2008, compliance deadline for PCI Data Security Standard (DSS) Requirement 6.6 and is an aid to organizations working to comply with this demanding Web security requirement.

