Cenzic Continues Its Contribution to Open Source By Releasing More Plug-Ins for Nessus Security Scanner

Posted on: Monday, 6 February 2006, 12:00 CST

Cenzic, Inc. today released the third set in a series of plug-ins for the popular Nessus security scanner. The announcement builds on the company's commitment to increasing the options for companies seeking to leverage open source solutions to help tackle common security challenges. The plug-ins are available for download immediately from the Cenzic web site at http://www.cenzic.com/nasl.html.

Cenzic(R) Hailstorm(R) helps companies protect their web-based applications from potential security threats by emulating the way real hackers work in order to test applications for security vulnerabilities and compliance issues. By assessing applications in a stateful manner, Cenzic provides companies with highly accurate results without the "false positives" often associated with scanning-based solutions, as well as tests for application logic issues and policy compliance for internal policies and regulatory standards.

Cenzic is also the only company in the industry to have both a state-of-the-art software solution, Cenzic Hailstorm, and a managed service, ClickToSecure(TM), allowing enterprises the flexibility to use either solution or both based on their needs. While some prefer using the software solution, many enterprises prefer the managed service model to avoid deploying internal resources while still being able to leverage a powerful and accurate technology.

The following plug-ins are available immediately for free download:

 1. WebLogic server lets remote users execute some administration commands: A remote user with RMI access to the administration server can execute some WebLogic administration commands and may be able to cause damage to the server or obtain configuration information.
 2. Sun Java JDK Bugs: Buffer underflow protections in several classes can be disabled by an applet that provides a special combination of parameters. The vulnerabilities are reportedly due to inadequate range checks that allow integer overflows to occur.
 3. WebLogic clear text transmissions: When the administration port is not enabled in WebLogic Server and WebLogic Express (versions 7.0, 8.1), a remote user on the local network can monitor packets to view potentially sensitive information.
 4. WebLogic Mbean Disclosure: Sites running a WebLogic Server that have not disabled anonymous admin lookup may allow a remote user to view Mbean configuration data.
 5. WebLogic MBean password disclosure: An authenticated operator may be able to gain access to passwords that can, in turn, allow the user to gain administrative access on the application.
 6. PHP Apache socket crash: A local user can write PHP code that, when invoked by a remote user via the Apache web server, will cause the Apache web server to become unavailable and eventually crash.
 7. Sun Java Server installation path disclosure: On remote hosts running Sun Java Application Server PE 8.0, a remote user can determine the installation path.
 8. PHP Input Validation and safe_mode bypass: On remote hosts running a PHP server with a version older than 4.3.10 or 5.0.3, a user may be able to upload files to certain directories or bypass input validation functions.
 9. MySQL Access Control Vulnerability: A remote authenticated user can gain unauthorized privileges on a database if the user is granted privileges on a similarly named database that contains an underscore in the database name.
 10. Apache mod_jk information disclosure: In the Apache web server in the mod_jk module, a flaw occurs when mod_jk is used with the Tomcat server. A remote user may obtain information intended for another user. A remote user may also cause the service to become unusable.
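The MySQL item in the list above rests on a documented property of MySQL's GRANT syntax: in a database name, an unescaped underscore matches any single character and a percent sign matches any sequence, so a grant intended for one database can also apply to similarly named ones. The following is an added example and is not code from the press release or from Cenzic's plug-ins; the database names (app_prod, appXprod), the account name and the host pattern are constructed for illustration. It shows the loosely scoped grant beside the pinned form, and the query an administrator can run to audit existing grants for unescaped wildcards:

```sql
-- Added example (not part of the original release). Names below are constructed.
-- Assumes a MySQL server where the administrator can create users and grants.

CREATE DATABASE IF NOT EXISTS `app_prod`;
CREATE DATABASE IF NOT EXISTS `appXprod`;   -- a "similarly named" database
CREATE USER IF NOT EXISTS 'reporter'@'10.0.0.%' IDENTIFIED BY 'change-me';

-- Loosely scoped grant: '_' in the database name is a wildcard here, so this
-- privilege row also matches appXprod, app-prod, app1prod and so on.
GRANT SELECT ON `app_prod`.* TO 'reporter'@'10.0.0.%';

-- Audit: the Db column stores the pattern as written. A '_' or '%' that is not
-- preceded by a backslash is a wildcard, not a literal character.
SELECT Host, User, Db
FROM mysql.db
WHERE Db LIKE '%\_%' OR Db LIKE '%\%%';

-- Remediation: revoke the wildcard grant and re-issue it with the underscore
-- escaped, so the privilege row matches only the literal name app_prod.
REVOKE SELECT ON `app_prod`.* FROM 'reporter'@'10.0.0.%';
GRANT SELECT ON `app\_prod`.* TO 'reporter'@'10.0.0.%';

-- Verify: the pinned grant shows the escaped form in mysql.db and in SHOW GRANTS.
SELECT Host, User, Db FROM mysql.db WHERE User = 'reporter';
SHOW GRANTS FOR 'reporter'@'10.0.0.%';
```

The audit query is the part worth keeping in a routine check: any grant whose Db column contains an unescaped underscore or percent sign is broader than its name suggests and should be reviewed against the databases that actually exist on the server.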

About Cenzic

Cenzic is a leading provider of the next-generation enterprise software and services for automated application security assessment and compliance that allows Fortune 1000 corporations, mid-sized corporations, and government organizations to dramatically improve the security of web applications. Cenzic(R) Hailstorm(R), the most accurate and extensible product in the industry, enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities. Hailstorm benefits include reduced security risk and liability, lower development and testing costs, and faster time-to-market. Cenzic ClickToSecure(TM) service is one of the industry's first solutions to combine the power of an enterprise-class application security assessment product with the flexibility of a managed security service. Cenzic Assessment Methodology completes the solution with a state-of-the-art business process consulting service to help customers improve their application security methodologies. Cenzic solutions are the most accurate, comprehensive, and extensible in the industry. Cenzic's current focus includes financial services, e-retail, healthcare, and government sectors. For more information, visit www.cenzic.com.

Disclaimer: Nessus is a trademark of Tenable Network Security. Cenzic, Inc. products are not affiliated with or otherwise approved by Tenable.

CONTACT: Jason Throckmorton or Jesse Odell, LaunchSquad, 415-625-8555
Contact via http://www.marketwire.com/mw/emailprcntct?id=7EA4EBF3242BB64F

SOURCE: Cenzic


Source: MARKET WIRE
