WhiteHat Sentinel: SaaS website vulnerability management

WhiteHat Security updated WhiteHat Sentinel, its software-as-a-service (SaaS) website vulnerability management offering, including new User and Role Management options, additional enterprise reports and a Site Security Statement for customers and cloud computing service providers.

The new User and Role Management features provide organizations with greater control of their data by allowing them to compartmentalize data access based on roles and quickly add and delete users. New enterprise reporting functionality provides management with a clear and timely view of everything from specific site vulnerabilities to the state of their overall risk profile. Furthermore, security teams and developers can now drill down to get accurate details of the vulnerabilities, allowing them to immediately make decisions and mitigate risk.

The Sentinel User and Role Management system allows Sentinel Administrators the ability to manage users and adjust information and Sentinel functionality access depending on their positions. The new Site Grouping feature enables additional control and manageability by allowing websites under Sentinel management to be organized by business unit or geographical location.

Organizations may choose from four user roles, enabling them to control access to different levels of information:

  • Administrator – Provides access to all functionality, including User and Role Management
  • Security Operator – Offers ability to configure, start and schedule scans; generate reports and view vulnerability data from summary to detail
  • Developer – Enables the opportunity to view all vulnerability data and retest capability
  • Executive – Allows for access to summary data only.

WhiteHat Sentinel’s new reporting system offers more granular reports geared to specific audiences. The improved reports include:

  • PCI Compliance Report – Measures whether or not a company’s website is compliant with the Payment Card Industry’s Data Security Standard (PCI-DSS)
  • Attack Vector Details Report – Delivers a list of five specific details and instances of website vulnerabilities, including location, to simplify mitigation for security teams and developers
  • Vulnerability Details Report – Offers security and development teams a detailed listing of vulnerabilities found on an organization’s website
  • Executive Summary Report – Provides management an overview of their security risk profile
  • Site Summary Report – Gives management a comprehensive view of specific security risk exposure and vulnerabilities for each individual site.

Don't miss