This article can also be found in the Premium Editorial Download "Information Security magazine: How to be successful with your security steering committee."
WEB APPLICATION SECURITY
Web application security has moved from a nice-to-have to a must-have requirement for data protection and compliance. Cenzic's Hailstorm, which we last reviewed in 2005, reflects the growth in the depth and maturity of Web application vulnerability assessment software.
Enterprise ARC includes a management server/console; a database for checks, assessments and results; the ARC Execution Engine (AEE); distributed scanners that run in different parts of the network to scan the Web application; and the standalone enterprise desktop scanner.
These components can be installed on one or more machines. The only combination that might be a little tricky is the AEE and desktop software on the same box. In this scenario, you have to stop the AEE service before you can run the desktop client.
Use the desktop application for applications needing some manual interaction and constant monitoring during the assessment, and use AEE for assessments that can be completely automated.
The installation wizard is straightforward and walks you through the various options, including setting the network port and passwords for communicating with the database.
This was first published in January 2009