WhiteHat Security: Simplifying Web Security Solutions through WhiteHat Sentinel

Charles W. Scharf, CEO, WhiteHat Security
Payment cards have become a popular means of payment owing to their hassle-free nature. However, even in the era of PCI compliance, their use carries the threat of data breach and fraud. The lack of secure code in the software underpinning payment systems has put the personal information of users at risk. Santa Clara, CA-based WhiteHat Security offers application vulnerability management solutions to address such security challenges. “We ensure that an organization’s web applications are secure, regardless of their development process,” begins Craig Hinkley, CEO of WhiteHat Security.

WhiteHat Security offers WhiteHat Sentinel, a Software as a Service (SaaS) platform that enables organizations to meet the stringent requirements of the Payment Card Industry Data Security Standard (PCI DSS). The solution offers continuous and concurrent vulnerability assessments for both internal and public websites. “The solution is a unique combination of our advanced technology and human intelligence provided by top security researchers in the WhiteHat Security Threat Research Center (TRC),” adds Hinkley. Regardless of which Sentinel product is being used, an expert in the TRC manually verifies all vulnerabilities found by the Sentinel Scanner to deliver verified and prioritized results. This eliminates the triage of false positives, optimizing the use of development resources and reducing the cost of remediation.

With Sentinel Dynamic, clients can identify and assess their public-facing websites for vulnerabilities. Sentinel Dynamic performs continuous and concurrent risk assessments, searching for vulnerabilities within web applications in a production-safe environment.

Another product of WhiteHat Sentinel is Sentinel Source, an offering that assesses source code at any point in the Software Development Lifecycle (SDLC) for security issues. The early identification of problems in the SDLC makes it easy for development teams to catch critical vulnerabilities early on. “WhiteHat Sentinel Source functions by analyzing code as it is checked into the repository, identifies vulnerabilities and provides detailed vulnerability descriptions and remediation advice,” says Hinkley.

We combine the human expertise of our TRC with our superior technology for an uncompromising security solution

The WhiteHat Sentinel Mobile offering performs dynamic analysis, static analysis and mobile assessment for mobile applications. WhiteHat Security’s TRC provides on-demand answers and manages the risk of mobile exploits. WhiteHat Computer Based Training (CBT) gives the client's security and professional teams an interactive experience for learning risk mitigation and remediation techniques in a web-based environment accessible from anywhere.

WhiteHat Sentinel is leveraged by clients to meet PCI compliance in many ways, primarily through reports that are required during the audit process. The reports serve as assurance that the client's applications have undergone WhiteHat scanning, manual assessments and business logic testing. “In compliance with PCI mandates, we provide penetration testing to identify vulnerabilities for our clients across various industries,” opines Hinkley.

The company has invested in an innovative SaaS platform that is capable of combining the results of dynamic and static application security testing into a single user interface, streamlining the operations of the client. The platform also provides a technical interface for the TRC experts to provide their feedback. “Our company has brought to market the advanced scanning technology and expertise from the TRC to produce near zero false positives,” says Hinkley. The organization offers 24-hour customer accessibility to the TRC, which provides the clients with an unrivaled security solution.

WhiteHat Security plans to enhance WhiteHat Sentinel to make it more streamlined, user-friendly, and accessible. Recently, the firm has been engaged to deliver Remediation Services, as well as a Runtime Application Self-Protection (RASP) offering, for a more comprehensive application security solution.