The Cenzic Hailstorm offering is a software-based solution that truly performs application vulnerability assessment. Once the product is up and running, the wizard lets you scan websites easily, if not quickly: a default scan of the small PHP-based website took more than 21 hours to complete. The product ships with several default policy templates to scan against, and for our test we chose the industry best practices template. The utility reported only one false positive and, as with the other scanners, it was an SQL injection vulnerability on a site without SQL running. The utility was not fooled by the custom error pages as other scanners often were. In the end, it found 13 distinct URLs and 80 distinct vulnerabilities.

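The point about custom error pages deserves a concrete illustration. A site that answers every unknown path with its own branded error page and HTTP 200 (a "soft 404") makes a naive crawler believe that any guessed file exists, which is where many of the false positives seen in this test come from. The following is an added example, not Cenzic's code or anything from the review: it shows the baseline technique a careful scanner uses to avoid that trap, namely requesting paths that cannot exist, learning what the application's "not found" response looks like, and discarding any later response that matches it regardless of status code. The web application (`fake_fetch`) is constructed inline so the example runs offline; the function names are the author's own.

```python
import random
import string
from dataclasses import dataclass
from difflib import SequenceMatcher


@dataclass
class Response:
    status: int
    body: str


# Constructed stand-in for a small PHP site whose custom error page answers
# every unknown path with HTTP 200 instead of 404 (the soft-404 behaviour).
REAL_PAGES = {
    "/index.php": "<html><h1>Shop</h1><p>Welcome to the store. "
                  "Browse our catalogue of fine goods and special offers.</p></html>",
    "/login.php": "<html><h1>Shop</h1><form method='post'>"
                  "<input name='user'><input name='pass' type='password'></form></html>",
}
ERROR_TEMPLATE = "<html><h1>Shop</h1><p>Sorry, the page {path} was not found.</p></html>"


def fake_fetch(path: str) -> Response:
    """Simulated HTTP GET against the constructed application."""
    if path in REAL_PAGES:
        return Response(200, REAL_PAGES[path])
    return Response(200, ERROR_TEMPLATE.format(path=path))


_rng = random.Random(0)  # seeded so runs are reproducible


def _random_path() -> str:
    """A path that no real application will serve."""
    token = "".join(_rng.choices(string.ascii_lowercase, k=16))
    return f"/{token}.php"


def _normalize(body: str, path: str) -> str:
    """Strip the echoed request path so two error pages compare as equal."""
    return body.replace(path, "")


def learn_error_baseline(fetch, samples: int = 3) -> list[str]:
    """Fetch several impossible paths and keep their normalized bodies.

    If the server returns a real 404 for them, the list stays empty and
    the status code alone is trusted later on.
    """
    baseline = []
    for _ in range(samples):
        path = _random_path()
        resp = fetch(path)
        if resp.status < 400:
            baseline.append(_normalize(resp.body, path))
    return baseline


def looks_like_error_page(resp: Response, path: str, baseline: list[str],
                          threshold: float = 0.9) -> bool:
    """True when the body is near-identical to the learned custom error page."""
    body = _normalize(resp.body, path)
    return any(SequenceMatcher(None, body, known).ratio() >= threshold
               for known in baseline)


def confirmed_paths(fetch, candidates: list[str], baseline: list[str]) -> list[str]:
    """Return only the candidates that are genuinely served, not soft 404s."""
    found = []
    for path in candidates:
        resp = fetch(path)
        if resp.status >= 400:
            continue                      # honest not-found / error status
        if looks_like_error_page(resp, path, baseline):
            continue                      # custom error page disguised as 200
        found.append(path)
    return found


if __name__ == "__main__":
    base = learn_error_baseline(fake_fetch)
    guesses = ["/index.php", "/login.php", "/admin.php", "/backup.zip"]
    print(confirmed_paths(fake_fetch, guesses, base))   # only the two real pages
```

For a site owner the same check is a useful self-audit: if your error handler returns 200, expect scanners without this baseline step to report phantom files and inflated vulnerability counts, and either return a proper 404 status or budget time to triage the noise.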
The interface made it quite easy to see the overall status of the application, the number of URLs and forms discovered, and an overall site map. The utility also drew the scanner's attention to other sites that were not visited as part of the scan; Hailstorm even noticed a link to an outside site that most utilities overlooked. Additionally, Hailstorm can run several different types of reports, from the technician report to the executive report.

The installation of Hailstorm was the most confusing among the products we examined for this Group Test. Hailstorm offered several different software installation options. Two options, which appeared to be correct, required the utility to connect to an existing SQL database. On the third attempt at installation we found the correct option, and a local database was installed along with the .NET framework.

Documentation was a bit difficult to find. Enclosed with the CD was a getting started guide, but it does not cover the different installation types in enough detail for an installer to choose the correct installation method with confidence.

Support is offered through phone, web and email. Training and professional services are also offered.

The pricing for Hailstorm is above average for this review at $26,000, but it is a true application vulnerability assessment application and is feature rich.