U Cincinnati Uncovers Web Vulnerabilities with Hailstorm
By Dian Schaffhauser
The University of Cincinnati has implemented Cenzic Hailstorm to safeguard the data of students, faculty, and staff. Using Hailstorm, the university will be able to proactively scan all IT-managed Web sites campus-wide, identifying vulnerabilities and performing remediation. In addition, the university is building regular testing into its software development lifecycle.
"We have found several vulnerabilities while testing, so it is absolutely essential that our Web applications are secure upon deployment and thereafter," said Kim Logan, information security officer at the institution. "We chose Cenzic Hailstorm, because it had the least amount of false positives compared to any other solution we tested, and excels in the areas of assessment configuration, traversal definition, reporting, and customization. It's also extremely user friendly, which is a big plus."
The infosec team has invited the campus community to have free vulnerability scanning performed on their systems. In return, users will receive a detailed report that lays out significant vulnerabilities and how to fix them.
The university expects to use the software application in both development and quality assurance work, "to ensure applications that the university builds and deploys are as safe as possible," said Kevin McLaughlin, assistant vice president for Information Security.
U Cincinnati is also using Rapid7's NeXpose for vulnerability assessment, policy compliance, and remediation management.
Cenzic is also used at Boston College.
Dian Schaffhauser is a senior contributing editor for 1105 Media's education publications THE Journal and Campus Technology. She can be reached at email@example.com or on Twitter @schaffhauser.