August 01, 2007
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Easy to use and understand for running scans.
- Weaknesses: Installation is a bit tricky, documentation is tough to find, and scans are slower than those of other products.
- Verdict: A good program, but the installation and documentation need improvement.
The Cenzic Hailstorm offering is a software-based solution which truly performs application vulnerability assessment. Once the product is up and running, the wizard allows you to scan websites easily, if not quickly: a default scan of the small PHP-based test website took over 21 hours to complete. The product ships with several default policy templates to scan against, and for our test we chose the industry best practices template. The utility reported only one false positive and, as with the other scanners, it was an SQL injection vulnerability on a site without SQL running. The utility was not fooled by the custom error pages as other scanners often were. In the end, the utility found 13 distinct URLs and 80 distinct vulnerabilities.
The interface made it quite easy to see the overall status of the application, number of URLs discovered, forms discovered and an overall site map. The utility also called the scanner’s attention to other sites, which were not visited as part of the scan. Hailstorm even noticed a link to an outside site that was overlooked by most utilities. Additionally, Hailstorm has the ability to run several different types of reports — from the technician report to the executive report.
The installation of Hailstorm was the most confusing among the products we examined for this Group Test. Hailstorm had several different software installation options. Two options, which appeared to be correct, required the utility to connect to an existing SQL database. On the third attempt at installation, we found the correct option and a local database was installed, as well as the .NET framework.
Documentation was a bit difficult to find. Enclosed with the CD was a getting started guide, but it does not cover the different installation types in enough detail for the installer to choose the correct installation method with confidence.
Support is offered through phone, web and email. Training and professional services are also offered.
The pricing for Hailstorm is above average for this review at $26,000, but it is a true application vulnerability assessment application and feature rich.