Home > Software Quality News > Web application security for small businesses
Software Quality News:
EMAIL THIS

Web application security for small businesses

By Colleen Frye, News Writer
11 Dec 2006 | SearchAppSecurity.com

Software quality news and advice
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Cenzic is betting its two new products, announced today, will be "eye opening" for small enterprises that haven't yet addressed Web application security.

The two products, Hailstorm Core and Hailstorm Starter, are intended to offer an easy, low-cost or no-cost introduction to application security, and they extend the reach of Cenzic's application security assessment and compliance solutions to smaller shops by targeting the most common vulnerabilities.

Obviously, we're not planning a lot of revenue from either product. The idea is to get [application security tools] in their hands. It's awareness building.
Mandeep Khera
Vice president of marketing, Cenzic Inc.

Hailstorm Starter assesses small Web sites for cross-site scripting (CSS) vulnerabilities and is available to download for free. Hailstorm Core assesses Web sites for CSS as well as SQL disclosure, SQL error, Web server version and buffer overflow. It is available for download for $1,500.

According to Mandeep Khera, vice president of marketing at Cenzic Inc. in Santa Clara, Calif., this move by the company gives small enterprises a risk-free option to download and test the security products. "I think it will open a lot of people's eyes," he said.

"We're finding 95% or more of companies doing business online have no clue what application security means," he said. "A lot of them think it means SSL."

While large organizations such as financial services companies understand the risk and have put solutions in place, he said, "everyone else -- from midsize companies down -- have limited visibility to application security. They don't understand the issues. Obviously, we're not planning a lot of revenue from either product. The idea is to get it in their hands -- it's awareness building."

Khera said a lot of the mom and pop shops doing business online rely on their ISPs for security, "and the ISPs are not doing anything about application security either. And the mom and pop shops don't know issues or have the time [to address security], so they don't put the pressure on the ISPs," he said.

Although Khera said he has seen a lot of improvement in application security awareness over the last year, "it's still not enough. We were starting with a low base last year, but especially over the last three to six months we've seen a tremendous awareness. All signs are that people are finally getting it, but I still believe it's a small percentage of the total population. It's still the tip of the iceberg."



Tags: Software security testing and techniquesBuilding security into the SDLC (Software development life cycle)VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2006 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts