The problem with doing application vulnerability testing in a live production environment is just that -- it's a live production environment, and if you break something, it could cause a lot of harm.

Yet there is a real need for live production server testing, since new attack vectors and vulnerabilities emerge on an almost-daily basis. The answer to the problem, according to application vulnerability testing vendor Cenzic, is virtualization.

Not surprisingly, it's the cornerstone of Cenzic's new Hailstorm 5.5 software release.

"Application security testing is not like running antivirus," John Weinschenk, president and CEO of Cenzic, told InternetNews.com. "If you run antivirus, it warns you that you have a virus and you get rid of it. In application security, when you do attacks against an application, a successful attack could be very harmful to the system itself."

"Virtualization gives you the ability to take a copy of the production app and test against it," he said.

Cenzic worked closely with VMware to develop a deep integration between Cenzic's Hailstorm and two of the virtualization player's products: Lab Manager, which takes virtual snapshots of an application, and Virtual Center, a management application for virtual machine resources and deployment.

As a result, Hailstorm can test production applications without impacting live performance or data.

Weinschenk explained that Hailstorm 5.5 understands all the applications that are virtualized and knows what applications are available to be attacked. He added that during testing, a user doesn't have to log directly into the VMware console, either -- they can do the testing directly via the Hailstorm interface.

"The real benefit is that now companies can test their application in a seamless virtual environment," Weinschenk said. "It's an automated solution, so once you set it up and set the recurrences up, you're up and running, getting real-time data."

The catch, though, is that Cenzic's virtualization capabilities rely on VMware, which users will need to have in place.

Weinschenk said Cenzic's go-to-market strategy is to approach VMware's installed customer base. He added that Cenzic and VMware already share customers in many cases.

"We believe we should be able to pull additional VMware sales with our solution as well," Weinschenk said. "People will want to be able to do this."

Weinschenk declined to comment, however, on whether Cenzic plans to work with Citrix's XenSource division to integrate with the Xen virtualization solutions.

The Hailstorm 5.5 release also adds new compliance reporting technology for application vulnerability testers.

This article was first published on InternetNews.com.