Domain: cenzic.com
Stories and comments across the archive that link to cenzic.com.
Comments · 10
-
I'm Reminded of that scene from "The Mummy"
The crowd of ragged locals gather, all chanting in a low voice, "My Crow Soft, My Crow Soft, My Crow Soft". A Google search shows the following, The SecureIT Alliance enables leading security vendors to collaborate in order to improve the process of building and integrating Microsoft platform-friendly products. I can only think there's a Grinning Show Off hard at work at m$ saying to itself, "It's been a hard work day, but I earn my pay at m$"
-
Re:Certified
And then there's this:
http://www.cenzic.com/pr_20061011/
Oh my. Sweet. Once you see the words 'click' and 'secure' in the same sentence you can guess what it is all about.
-
Re:I wonder
In what way is a Microsoft Certified Partner not financially tied to the maintenance of the Microsoft ecosystem in the face of encroaching offerings, particularly in the browser space?
A more cynical person might assert that a company peddling security assessment tools for web servers would actively promote less secure server systems that kept them in business. Spreading FUD about a browser is only peripheral to that but it does feed the "non-Microsoft is bad" or "open-source is bad" ethic of senior management and bean counters... keeping major systems on Microsoft platforms and Cenzic in business. As I say though, you'd have to cynical
;) -
Right from their own website....
"Cenzic's acceptance to the SecureIT Alliance alongside our recent designation as a Microsoft Certified Partner highlights our expertise and experience in working with Microsoft technologies as well as a proven ability to meet customer needs," said Mandeep Khera, vice president of marketing for Cenzic. http://www.cenzic.com/pr_20061011/ So, this report on browser vulnerabilities must be "Fair and Balanced" given that they are a Microsoft Certified Partner.
-
Re:I wonderI actually RTFA and the vulnerabilities it accounts for are
- SQL Injection 25%
- XSS 17%
- Web Server 2%
- Buffer Errors 12%
- Web Browser 8%
- Authentication / Authorization 14%
Plus a few under 10%. The funny thing is that the article seems to blame the browser for SQL Injection, Web Server, Information Leak / Disclosure? WTF?
Information Leaks could be the result of any attack, SQL Injection has nothing at all to do with any browser and "Web Server"? There is no real information other than a nice shaded 3D pie chart so what this guy is trying to prove is beyond me. It also includes Path Traversal which is server side as well, code injection well injection into what? The browser, the server ... what?Popular vendors including Sun, IBM, and Apache continue to be among the top 10 most vulnerable Web applications named.
Even if some agrees that these companies are actual web applications and not software companies, you would have to agree that there really are only about 10 commonly used web servers in total so Sun, IBM and Apache will be on this list regardless of the exploit.
Looking at the real report all of the exploits blamed on the browsers are based on SQL Injections and propagating malicious code from the originator of the web site so how could one browser handle this more effectively then another? This doesn't really make a lot of sense so anyone gifted with more ability then myself please reply below. -
Re:Certified
And then there's this:
http://www.cenzic.com/pr_20061011/
I could be mistaken, but I think someone was just "told".
-
Re:CertifiedAnd then there's this:
-
Re:I read the report
Yes - interesting how we have web vulnerabilities irrespective of the web browser.
Of the Web vulnerabilities, 90 percent pertained to code in commercial Web applications, while Web browsers comprised about 8 percent and Web servers about 2 percent. Of the browser vulnerabilities, Firefox had 44 percent of the total, but perhaps the biggest surprise was Safari, which formed 35 percent of the browser vulnerabilities. Internet Explorer was third, with 15 percent, and Opera was at 6 percent.
I'm repeating the link here -
http://www.cenzic.com/downloads/Cenzic_AppSecTrends_Q1-Q2-2009.pdf
-
Anyone Got the List?In Cenzic's report that chart is entitled "Web Browser Vulnerabilities by Major Type" and web browsers are only given one page.
I looked through older reports and cannot find a list of "vulnerabilities by major type." Anyone know where to find that? Until you can point that to me, I'm not going to take much stock in a company which has an ad on the bottom of the article that reads:Let us hack you before hackers do! The Cenzic website HealthCheck. FREE. Request yours now!
I'm sure one major category is "Win32 kernel exploits" while every piece of Gecko and Webkit qualifies as one major type.
-
Certified
It seems a bit surprising to me that this study shows that only 15% of vulnerabilities are in IE.
There is an explanation for that.
Cenzic Recognized as a Microsoft Certified Partner, Experiences Substantial Momentum in Q2