WhiteHat Security offers WhiteHat Sentinel, a Software as a Service (SaaS) platform that enables organizations to meet the stringent requirements of the Payment Card Industry Data Security Standard (PCI DSS). The solution offers continuous and concurrent vulnerability assessments for both internal and public websites. “The solution is a unique combination of our advanced technology and human intelligence provided by top security researchers in the White- Hat Security Threat Research Center (TRC),” adds Hinkley. Regardless which Sentinel product is being used, an expert in the TRC manually verifies all vulnerabilities found by the Sentinel Scanner to deliver verified and prioritized results. This eliminates the triage of false positives, optimizing the use of development resources and reducing the cost of remediation.
With Sentinel Dynamic, clients can identify and assess their public facing websites for vulnerabilities. Sentinel Dynamic performs continuous and concurrent risk assessments, searching for vulnerabilities within web applications, in a production safe environment.
Another product of WhiteHat Sentinel is Sentinel Source, an offering that assesses source code at any point in the Software Development Lifecycle (SDLC) for security issues. The early identification of problems in the SDLC makes it easy for development teams to catch critical vulnerabilities early on. “WhiteHat Sentinel Source functions by analyzing code as it is checked into the repository, identifies vulnerabilities and provides detailed vulnerability descriptions and remediation advice,” says Hinkley.
We combine the human expertise of our TRC with our superior technology for an uncompromising security solution
WhiteHat Sentinel is leveraged by clients to meet PCI compliance in many ways, primarily through reports that are required during the audit process. The reports are a means of assurance and explain that their applications have undergone WhiteHat scanning, manual assessments and business logic testing of their applications. “In compliance with PCI mandates, we provide penetration testing to identify vulnerabilities for our clients across various industries,” opines Hinkley.
The company has invested in an innovative SaaS platform that is capable of combining the results of dynamic and static application security testing in to a single user interface, streamlining the operations of the client. Alongside, the platform also provides a technical interface for the TRC experts to provide their feedback. “Our company has brought to market the advanced scanning technology and expertise from the TRC to produce near zero false positives,” says Hinkley. The organization offers 24-hour customer accessibility to the TRC, which provides the clients with an unrivaled security solution.
WhiteHat Security plans to enhance WhiteHat Sentinel to make it more streamlined, user-friendly, and accessible. Recently the firm has been engaged to deliver Remediation Services, as well as a Runtime Application Safe-Protection (RASP) offering, for a more comprehensive application security solution.