"Application security testing is not like running antivirus," John Weinschenk, president and CEO of Cenzic told InternetNews.com. "If you run antivirus, it warns you that you have a virus and you get rid of it. In application security, when you do attacks against an application, a successful attack could be very harmful to the system itself." "Virtualization gives you the ability to take a copy of the production app and test against it," he said.
Cenzic worked closely with VMware to develop a deep integration between Cenzic's Hailstorm and two of the virtualization player's products: Lab Manager, which takes virtual snapshots of an application, and Virtual Center, a management application for virtual machine resources and deployment.
As a result, Hailstorm can test production applications without impacting live performance or data.
Weinschenk explained that Hailstorm 5.5 understands all the applications that are virtualized and knows what applications are available to be attacked. He added that during testing, a user doesn't have to log directly into the VMware console, either -- they can do the testing directly via the Hailstorm interface.