
Application Security Assessment...Application Security Testing. In particular, Gartner noted...

Date post: 18-Aug-2021

Application Security Assessment | Solution Brief

Application Security Assessment: Dynamic Application Security Solution

Introduction

Application security requires a comprehensive approach that is both broad and deep. To keep up with today’s rapidly changing threat landscape, applications must be evaluated continually for new security vulnerabilities. The best way to achieve your goals is to combine the unique perspectives offered by both manual and automated security assessment into a unified, integrated approach.

Automated Assessment

WhiteHat’s unique differentiator is that each and every vulnerability discovered by our Sentinel scanner is manually verified for accuracy by a member of our Threat Research Center (TRC), a team of website security experts, virtually eliminating false positives and streamlining the remediation process. Our scans are production safe and run continuously so your web applications are safe regardless of how frequently changes are being made -- without interrupting development.

Manual Assessment

WhiteHat’s software as a service (SaaS) includes manual assessment and business logic assessment for customized testing equivalent to a Layer 7 penetration test. We utilize a customized testing scheme developed and performed by WhiteHat security engineers, mapping the web application (users, roles, and custom business workflow), identifying and validating account privileges across roles and between users, and prioritizing vulnerabilities based on the business goals for each application. Testing includes the OWASP Top 10, the Web Application Security Consortium’s Threat Classification, and custom testing that includes:

- Abuse of Functionality
- Brute Force
- Credential/Session Prediction
- Cross-site Request Forgery
- Insecure Indexing
- Insufficient Anti-automation
- Insufficient Authentication
- Insufficient Authorization
- Insufficient Process Validation
- Insufficient Password Recovery
- Insufficient Session Expiration
- Session Fixation


WhiteHat Security, Inc. | 3970 Freedom Circle | Santa Clara, CA 95054 | 1.408.343.8300 | www.whitehatsec.com

©2015 WhiteHat Security, Inc. All rights reserved. WhiteHat Security and the WhiteHat Security logo are registered trademarks of WhiteHat Security, Inc. All other trademarks are the property of their respective owners.

090815

An Innovative Approach to Application Security

WhiteHat approaches website security through the eyes of the attacker. We are the only ones in the industry able to do this at scale because we use a combination of technology, 13 years of intelligence metrics, and the judgment of some of the world’s best security experts. Our entire approach mimics an attacker’s mindset. We perform assessments pit-crew style, which enables unparalleled efficiency and vulnerability coverage. Because we are assessing our customers’ websites all the time, we are able to collect and present data analytics that are essential to steadily and measurably improving customers’ defenses.

About WhiteHat

Founded in 2001 and headquartered in Santa Clara, California, WhiteHat Security is the leader in application security, enabling businesses to protect critical data, ensure compliance, and manage risk. WhiteHat is different because we approach application security through the eyes of the attacker. Through a combination of technology, more than a decade of intelligence metrics, and the judgment of real people, WhiteHat Security provides complete web security at a scale and accuracy unmatched in the industry. WhiteHat Sentinel, the company’s flagship product line, currently manages tens of thousands of websites – including sites in highly regulated industries, such as top e-commerce, financial services, and healthcare companies. For more information on WhiteHat Security, please visit www.whitehatsec.com.

For 3 years running, WhiteHat Security has been positioned as a leader in the Gartner Magic Quadrant for Application Security Testing. In particular, Gartner noted “WhiteHat Security should be considered by organizations looking to delegate their DAST and, to a lesser degree, SAST and mobile AST to an expert third-party testing service provider, as well as organizations looking to evolve their AST programs to more of a risk-based approach.”

