The Premier Website Security Solution
WhiteHat Sentinel is THE solution for covering all your website assets. However, website security is definitely not a one-size-fits-all issue. Options matter – especially when it comes to something as business-critical as the security of your websites. That’s why WhiteHat and HANDD together offer four different subscription options for production websites to suit your specific needs and budget, based on your unique risk exposure: Sentinel Baseline Edition (BE), Baseline Edition Enterprise, Standard Edition (SE) and Premium Edition (PE).
WhiteHat Sentinel Baseline (BE) is the foundational, “baseline” solution for covering all your website assets. Once a baseline is established, websites covered by BE can be easily upgraded to Sentinel SE or PE, based on the risk profile identified.
Sentinel BE customers control the scheduling of scans within the Sentinel interface. Sentinel BE also enables businesses to identify the critical, pervasive vulnerabilities that put their data at risk without overextending their budgets. As with all Sentinel solutions, each vulnerability identified is verified.
With Sentinel BE, you get:
- Checks for technical vulnerabilities including SQL Injection and XSS (Cross-site scripting)
- All verified results, designed to eliminate false positives
- Access to world-class support from the WhiteHat Threat Research Center
- Unlimited retesting to ensure your remediation strategies were effective
Baseline Edition Enterprise offers the same core functionality as the Baseline edition, but is designed to be a massively scalable “best value” solution that fits any environment.
WhiteHat’s BE Enterprise can help you identify your website assets – even the ones you didn’t know you had – quickly.
Combining WhiteHat’s asset inventory and risk profiling solutions with Sentinel BE vulnerability assessment, Sentinel BE Enterprise is a cost-effective first step security benchmark designed to provide critical security diagnostics and coverage for your Web applications across the entire enterprise.
Once all your websites are identified, we’ll help you prioritize which are the most important, based on the following factors. Does the website:
- Generate revenue?
- Store and retrieve regulated data?
- Contain company-specific confidential data?
- Contain customer-specific data?
The answers to these questions determine your organization’s overall risk exposure from that website, and what kind of resources must be allocated to mitigate those risks. For those with hundreds or thousands of websites, a more scalable solution that provides a more thorough understanding of the types of websites in your network is desired. WhiteHat can help identify additional risk characteristics such as:
- Is it a website? (Often, companies secure domains but do not actually build a site under them, in which case no action is required)
- Is there complex interaction on the website?
- Is there a log-in?
- Does it employ SSL?
- Does it collect sensitive customer information through forms?
Sentinel BE Enterprise discovers your production websites, triages them for security risk to your organization, and assesses each site for vulnerabilities. Assessments are performed on a continuous basis, for an unlimited number of times, and identify vulnerabilities listed on the WASC and OWASP Top 10, including critical SQL Injection and Cross-Site Scripting (XSS) attacks. This continuous assessment and verification of vulnerabilities will identify the risks that each one of your websites could pose to your overall corporate security position.
Sentinel BE Enterprise helps establish a robust baseline on which you can build a comprehensive Web security program. By discovering your total Web application presence and the risk exposure of each of them, you then have a complete understanding of what potential attacks to combat. By identifying and assessing all of your known applications, you greatly reduce any risk of hackers stealing your company’s – and your customers’ – sensitive information. And you can use the baseline results to determine what additional steps your Web security program may require: perhaps deploying Web application firewalls, investing in developer training, or prioritizing vulnerabilities for remediation based on your specific business requirements.
After you’ve gathered your vulnerability data, you can measure the security improvements as they occur, and then provide those metrics to management and everyone involved in Web security. These metrics include real-time trending of your vulnerabilities, the percentage of remediation performed, the overall remediation rate, and your current window of exposure, and they give insight into which vulnerabilities are likely to occur in the future. Gathering and sharing these analytics also allows you to compare your company’s security profile with other companies in your industry.
In summary, Sentinel BE Enterprise delivers easily accessible, real-time data that enables you to:
- Discover your total Web application presence and know the extent of your vulnerability to attacks
- Perform a baseline assessment so that you know your overall risk, as well as which risks are real
- Help you plan further steps to establish a comprehensive Web security program
- Track, trend and measure the progress of your Web security program
WhiteHat Sentinel Standard Edition (SE) is designed for websites that are permanent fixtures in a customer’s online experience, but not necessarily mission-critical. These sites have multi-step, form-based processes and/or require the user to login.
Sentinel SE is ideal for protecting against the Directed Opportunist attacker – hackers who employ attack techniques that scan far and wide looking for easy opportunities to exploit.
SE is an appropriate solution for companies with hundreds to thousands of websites that have best practice or PCI 6.6 compliance requirements.
Sentinel SE includes configured assessment delivery and comes standard with verified vulnerability reporting. Sentinel SE replaces scanners, which are ineffective because they generate an inordinate number of false positives and aren’t scalable.
WhiteHat Sentinel SE also offers an easy migration path to Sentinel Premium Edition.
WhiteHat Sentinel Premium Edition (PE) is ideal for websites that are permanent, mission-critical, have multi-step forms, have rigorous compliance requirements, and that the company relies on to serve customers or business partners.
Fully PCI 6.6 compliant, Sentinel PE protects websites that might be the potential victim of a systematic, repeatable and targeted attack, and includes testing for both technical and business logic vulnerabilities.
WhiteHat’s Threat Research Center performs manual custom testing to identify business logic flaws. The WhiteHat Security experts who uncover these types of vulnerabilities are capable of understanding account structures, contextual logic, and similar characteristics of websites & applications. PE comes standard with verified vulnerability reporting.
Business Logic Testing
WhiteHat Sentinel Premium Edition is unique in mapping out and testing custom business logic and application workflows, paying particular attention to privileges between roles and users. This type of testing is virtually impossible to automate without human context and understanding of your unique application.
WhiteHat Security will map out your application, users, roles, and custom business workflow. WhiteHat Sentinel can then properly test your application for expected business behavior and understand the context of the results. Examples of application behavior that would be unexpected and unwanted by the business include:
- Can a guest user access administrative functionality, like ‘create new admin’?
- Can Rob view Sally’s checking account, or use her coupon codes?
- Can a customer modify the cost of an item during checkout?
WhiteHat Security will work with you to ensure that the business logic vulnerabilities that WhiteHat Sentinel identifies are real and the intentions and risks associated with those vulnerabilities are understood by you.
Scalable to Fit Any Environment
WhiteHat Sentinel is built to scale and assess 100, 1,000, even 10,000+ of the largest, most complex websites simultaneously. We’re talking maximum coverage of sites in QA/development and production environments – without impacting performance.
Visibility Into Risk Across The Enterprise From A Single Platform
Since it’s a SaaS-based platform, WhiteHat Sentinel is a completely turnkey solution. No other solution is as easy to deploy, easy to manage or as cost-effective. Or as comprehensive. Now, you can manage all your website security through a single, easy-to-use platform.
Expert Risk Management Services From The TRC
WhiteHat’s Threat Research Center (TRC):
- Verifies every vulnerability that Sentinel finds
- Performs business logic testing, which is impossible to automate
- Serves as an extension of your own website security team
That means you can focus on your technology and business goals instead of website security headaches & hassles.
A Higher Level of Accuracy & Speed
Every service delivered by WhiteHat includes full vulnerability verification by the Threat Research Center (TRC), which verifies the accuracy of all vulnerabilities, virtually eliminating false positives and dramatically simplifying remediation. What’s more, the TRC also frequently operates as an extension of your security team. They’re available to answer questions about a vulnerability, or to provide “Proof-of-Concept” guidance on how a vulnerability can be exploited, for instance. Companies large and small value the fact that the TRC is the place you can call to get a live person who can offer expert analysis and guidance on your website security environment.
Predictable Costs – Unlimited Assessments
WhiteHat Sentinel provides subscription-based website security solutions designed to fit any budget. Whether you run your application assessments once a week or once a month, your costs are always the same.
Full Integration Via Our Open XML API
An open API, combined with industry-leading bug tracking, Security Information and Event Management (SIEM), and Web Application Firewall (WAF) products, means you can share website security data across departments.
The patented methodology of WhiteHat Sentinel exceeds the strictest industry standards, as established by the PCI Security Standards Council, founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc.
Advanced Scanning Technology
- Virtually eliminates false positives
- Scans and assesses tens of thousands of sites simultaneously
- Has less impact on your website than a single user
Verified Results Mean No False Positives
- All results are verified by WhiteHat’s TRC so you see only real, actionable vulnerabilities
- Tests for significantly more vulnerabilities than any commercial scanner
Simple & Flexible Reporting
- Creates customizable reports in HTML or PDF format
- Provides detailed vulnerability descriptions
- Delivers trend reports across enterprise / website
- Meets all PCI compliance standards
An Open XML API Gives You More Control
- Integrates with industry-leading bug tracking software, Security Information and Event Management (SIEM) and Web Application Firewall (WAF) products
Web-Based Management Portal
- Gives you 24/7 access to vulnerability information
- Lets you schedule scans, generate reports, and view data from anywhere
- Allows easy tracking via detailed audit trails
WhiteHat Sentinel 30 Day Free Evaluation with SecurityCheck
Discover how effective and how secure your current website security is with SecurityCheck. This WhiteHat Sentinel evaluation service is now available as a free, 30-day trial. You will have unlimited access to WhiteHat Sentinel in order to review results, generate reports and share findings with your developers and security management team.
These days, you never know where website attacks will breach your defenses – from within your custom website code, third-party services providers, you name it.
The WhiteHat SecurityCheck will assess the real-time risk of your site, identify vulnerabilities and report the results – along with an action plan for keeping your site 100% secure – continuously.