The problem with doing application vulnerability testing in a live production environment is just that -- it's a live production environment, and if you break something, it could cause a lot of harm.

Yet there is a real need for live production server testing, since new attack vectors and vulnerabilities emerge on an almost-daily basis. The answer to the problem, according to application vulnerability testing vendor Cenzic, is virtualization.

Not surprisingly, it's the cornerstone of Cenzic's new Hailstorm 5.5 software release.

"Application security testing is not like running antivirus," John Weinschenk, president and CEO of Cenzic told InternetNews.com. "If you run antivirus, it warns you that you have a virus and you get rid of it. In application security, when you do attacks against an application, a successful attack could be very harmful to the system itself." "Virtualization gives you the ability to take a copy of the production app and test against it," he said.

Cenzic worked closely with VMware to develop a deep integration between Cenzic's Hailstorm and two of the virtualization player's products: Lab Manager, which takes virtual snapshots of an application, and Virtual Center, a management application for virtual machine resources and deployment.

As a result, Hailstorm can test production applications without impacting live performance or data.

Weinschenk explained that Hailstorm 5.5 understands all the applications that are virtualized and knows what applications are available to be attacked. He added that during testing, a user doesn't have to log directly into the VMware console, either -- they can do the testing directly via the Hailstorm interface.

"The real benefit is that now companies can test their application in a seamless virtual environment," Weinschenk said. "It's an automated solution, so once you set it up and set the recurrences up, you're up and running, getting real-time data."

Read the entire article from InternetNews, here.