WhiteHat Security Debuts Sentinel 3.0
WhiteHat Security, Inc., a leading provider of Web application security services, today announced WhiteHat Sentinel 3.0, the industry’s only continuous vulnerability assessment and management service for Web sites. Sentinel 3.0 reduces the burden of securing Web applications with an on-going service that provides up-to-date and comprehensive identification of the vulnerabilities that are putting online customer and corporate data at risk. It is the only solution that can assess for all 24 classes of vulnerabilities identified by the Web Application Security Consortium’s (WASC) threat classification.
Web application security is inherently complex because the vast majority of e-commerce and interactive sites are created with custom code. Often, these sites change on a weekly or even daily basis, unlike commercial software products. WhiteHat Sentinel 3.0 enables assessment each time a Web site is changed or updated, and ensures the identification of existing and new vulnerabilities. This is accomplished through a three-step process — scanning, verification and custom testing. As part of this process, WhiteHat integrates expert analysis with proprietary scanning technology which delivers more in-depth results than scanning alone, since many of the most dangerous vulnerabilities can only be detected by this combined process. WhiteHat security engineers review all scanner findings to ensure accuracy and eliminate false positives.
Some of the key elements of Sentinel 3.0 include:
* One-click vulnerability retesting, for fast and easy confirmation of vulnerability remediation;
* Customized threat levels which streamline the remediation process by allowing customers to prioritize vulnerability repair;
* “Inspector,” (patent-pending) which enables WhiteHat to build a knowledgebase to look at defect patterns and immediately apply new discoveries on one site across the entire customer base;
* Web services API to directly integrate Sentinel vulnerability data with bug tracking systems or SIMs, and allow end-users to remain within their established framework system; and,
* Mapping to Payment Card Industry (PCI) vulnerability severity levels for simplified customer reporting.