ConfigurationB+  

Hailstorm offers three methods to add applications: Users can run an auto-discovery scan on Web application ports, add applications manually, or import a CSV file. You can assign a risk factor, and group applications for better management. Running and scheduling assessments is as simple as it gets.

The desktop application allows custom assessments that are a combination of checks from best practices (OWASP), regulatory standards, and custom attacks created in-house.We selected the OWASP and best practices assessments against a classic ASP/MS SQL and a Joomla (LAMP) Web application, respectively.

Hailstorm offers by far the best attack customization and new attack creation capability in the industry. To offer flexibility, Cenzic has added features such as interactive assessments, where the user navigates through the website manually.

EffectivenessA  

The two areas enterprises spend the most time on when using a vulnerability scanner are the home page/central display and the results/reports. Cenzic has remarkable interactive dashboard that shows trends and activities. During the review assessments, we were able to watch the findings and graphs updated as vulnerabi...

One feature that sets Hailstorm apart is the Hailstorm Application Risk Metric score, which incorporates the risk factor assigned to each application and the severity of the vulnerabilities discovered. This helps you focus remediation efforts and determine which vulnerabilities present the most risk. It also measures if risk is decreasing and if remediation is effective over time.

ReportingB+  

Reporting is by far the most improved module. The reporting engine is a powerful tool to monitor progress, manage compliance and distribute relevant information in a timely manner. The Crystal Reports viewer can export reports in many formats.

Verdict

Enterprise ARC 5.7 is a true enterprise-class solution for managing Web application vulnerabilities.

< PREV PAGE   |   1  |   2  |   NEXT PAGE  >