Jolt Product Excellence Award: Cenzic Hailstorm 6.5
In today's environment, risk assessment and vulnerability scanning are must-have resources, not nice-to-haves. However, securing applications grows more challenging each day. Cenzic Hailstorm 6.5's new features meet that challenge remarkably well.
You can get started with your testing with little effort. From settings to built-in reports, Hailstorm blends features into an interface that is both functional and clean. One feature to assist you is Cenzic's SmartAttack Library, which consists of numerous assessment variations to save you the time of configuring scenarios by hand.
Hailstorm includes a comprehensive set of security analysis tools that give a clear picture, across the entire application, of where problems exist. For applications that deal with credit card processing, for example, Hailstorm includes PCI 6.6 testing and helps remove the guesswork from a regulatory compliance perspective. Other compliance testing features include GLBA and AB 1950, among others. Weekly updates are provided, which allow you to keep up with the latest threats.
In addition to the interface for configuring and running assessments, Hailstorm uses an embedded browser to show you a hacker's point of view of vulnerabilities. This helps to put weaknesses in context and drive home the point that problems are real, and not simply an item on a list.
Vulnerability reporting is not done as a flat list of problems, but rather uses a user-friendly scoring system to identify the areas of greatest concern, so that those issues can be addressed first. Congratulations to Cenzic Hailstorm 6.5!
— Jon Kurz
Productivity Award: /n software's IP*Works SSL, S/MIME and SSH Component Suites
/n software jolts us again, this time in the security category. Last year, it won the Jolt Productivity Award in the Application Libraries and Frameworks category. Now, a subset of /n software's Red Carpet Subscription that focuses on secure data exchange racks up another Productivity Award in the Security category. Their IP*Works! SSL, S/MIME and SSH component suites provide cross-platform, standardized routine calls for Macs, PCs, iOS and Android operating systems. The SSL component provides developers with a set of comprehensive SSL security and digital certificate management components; the S/MIME collection delivers seven secure file, mail and messaging components; and the SSH suite makes connecting and managing data transfers over an SSH session a breeze. Collectively, these components dissipate the hassles programmers have to manage when dealing with secure connections, saving both time and sanity.
— Mike Riley
Productivity Award: Coverity Static Analysis
With the heightened degree of sophistication that malicious hackers use to identify and exploit software defects, it's important to have a tool that catches problems before these individuals can. Coverity Static Analysis is an excellent bug-hunting tool for C, C++, C# and Java developers that can scan through millions of lines of code in a single pass. With its ability to search for defects in a variety of ways, coupled with a code behavior and an analysis engine that is being continuously tuned, the depth and breadth of code coverage that Coverity offers is stunning. The reporting of various bugs, their prioritization and their impact on the overall product via Coverity's dashboards make assessment and correction of identified problems considerably easier.
— Mike Riley