Web application security for small businesses

By Colleen Frye, News Writer 11 Dec 2006 | SearchAppSecurity.com

Software quality news and advice Digg This!     StumbleUpon     Del.icio.us

Cenzic is betting its two new products, announced today, will be "eye opening" for small enterprises that haven't yet addressed Web application security.

The two products, Hailstorm Core and Hailstorm Starter, are intended to offer an easy, low-cost or no-cost introduction to application security, and they extend the reach of Cenzic's application security assessment and compliance solutions to smaller shops by targeting the most common vulnerabilities.

Obviously, we're not planning a lot of revenue from either product. The idea is to get [application security tools] in their hands. It's awareness building. Mandeep Khera Vice president of marketing, Cenzic Inc.

Hailstorm Starter assesses small Web sites for cross-site scripting (CSS) vulnerabilities and is available to download for free. Hailstorm Core assesses Web sites for CSS as well as SQL disclosure, SQL error, Web server version and buffer overflow. It is available for download for $1,500.

According to Mandeep Khera, vice president of marketing at Cenzic Inc. in Santa Clara, Calif., this move by the company gives small enterprises a risk-free option to download and test the security products. "I think it will open a lot of people's eyes," he said.

"We're finding 95% or more of companies doing business online have no clue what application security means," he said. "A lot of them think it means SSL."

While large organizations such as financial services companies understand the risk and have put solutions in place, he said, "everyone else -- from midsize companies down -- have limited visibility to application security. They don't understand the issues. Obviously, we're not planning a lot of revenue from either product. The idea is to get it in their hands -- it's awareness building."

Khera said a lot of the mom and pop shops doing business online rely on their ISPs for security, "and the ISPs are not doing anything about application security either. And the mom and pop shops don't know issues or have the time [to address security], so they don't put the pressure on the ISPs," he said.

Although Khera said he has seen a lot of improvement in application security awareness over the last year, "it's still not enough. We were starting with a low base last year, but especially over the last three to six months we've seen a tremendous awareness. All signs are that people are finally getting it, but I still believe it's a small percentage of the total population. It's still the tip of the iceberg."

Tags: Software security testing and techniques,  Building security into the SDLC (Software development life cycle),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Software security testing and techniques Web server weaknesses you don't want to overlook Using firewalls for software testing: Pros and cons Beating software's cross-site scripting, authentication problems Free Web proxy security tools software testers should get to know How to get management on board with Web 2.0 security issues Web application security best practices: Tips on implementation Testing strategies for complex environments How to make your software tamperproof Ways to approach application performance testing on a tight budget How can I tell if my software security has been breached? Building security into the SDLC (Software development life cycle) Problems caused by skipping analysis stage of SDLC Inexpensive phase of SDLC to catch and fix bugs GatherSpace beefs up cloud-based requirements management ALM: Best of breed vs. complete systems Software development life cycle phases, iterations, explained step by step The role of quality assurance (QA) pros in software security Common software security risks and oversights Why the quality assurance department should be involved in testing How to develop secure applications Secure software development practices 'not rocket science'

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary