August 01, 2007
- Strengths: Easy to use and understand when running scans.
- Weaknesses: Installation is a bit tricky, documentation is tough to find, and scans are slower than those of other products.
- Verdict: A good program, but the installation and documentation need improvement.
The Cenzic Hailstorm offering is a software-based solution that truly performs application vulnerability assessment. Once the product is up and running, the wizard allows you to scan websites easily, if not quickly: a default scan of our small PHP-based test website took over 21 hours to complete. The product ships with several default policy templates to scan against, and for our test we chose the industry best practices template. The utility reported only one false positive and, as with other scanners, it was an SQL injection finding on a site with no SQL database running. Unlike many other scanners, the utility was not fooled by the site's custom error pages. In the end, it discovered 13 distinct URLs and reported 80 distinct vulnerabilities.
The interface made it quite easy to see the overall status of the application, the number of URLs and forms discovered, and an overall site map. The utility also called the user's attention to other sites that were linked from the application but not visited as part of the scan; Hailstorm even noticed a link to an outside site that most other utilities overlooked. Additionally, Hailstorm can produce several different types of reports, from the technician report to the executive report.
The installation of Hailstorm was the most confusing among the products we examined for this Group Test. Hailstorm had several different software installation options. Two options, which appeared to be correct, required the utility to connect to an existing SQL database. On the third attempt at installation, we found the correct option and a local database was installed, as well as the .NET framework.
Documentation was a bit difficult to find. Enclosed with the CD was a getting started guide, but it does not cover the different installation types in enough detail for the installer to choose the correct installation method with confidence.
Support is offered through phone, web and email. Training and professional services are also offered.
The pricing for Hailstorm is above average for this review at $26,000, but it is a true, feature-rich application vulnerability assessment tool.