Unique directed remediation feature has reduced the time-to-fix a vulnerability from weeks or months to less than an hour
San Jose, Calif., May 30, 2018 – WhiteHat Security, the leading application security provider committed to securing digital business, today announced a major Los Angeles public government agency has fully operationalized the WhiteHat Application Security Platform to secure its production websites as well as applications in development, bringing security into their DevOps processes and securing applications across the entire software development lifecycle (SDLC). Using the combination of WhiteHat’s dynamic application security testing (DAST) and static application security testing (SAST) solutions has had a positive impact not only on the organization’s security posture, but it has also educated and enabled its entire DevOps team.
Following an in-depth review process, the government agency deployed WhiteHat Sentinel Source, a SAST solution, to ensure security is addressed early in the SDLC. Sentinel Source offers the agency the proof of concept for a vulnerability as well as the exact locations and syntax of the flaw in the code by line item. As part of the solution, the agency makes full use of Directed Remediation, a unique and patented WhiteHat Sentinel Source feature that provides targeted and customized fixes as well as ready-to-implement code patches for common vulnerabilities. Directed Remediation provides a patch snippet and explanation, which is forwarded to the development team.
“When we started using Directed Remediation with Sentinel Source, it was a difference of night and day,” said the agency’s security analyst. “Through the proof of concept and an explanation of the remediation solution, WhiteHat helped to quantify and prioritize developer time, allowing them to go right into the deployment and patch testing. Clicking a link to apply a patch has reduced our time to fix vulnerabilities from over six weeks to less than an hour each.”
The agency has also deployed WhiteHat Sentinel Dynamic, a DAST product, which is used as an ‘always-on’ risk assessment to continuously scan websites for vulnerabilities and potential code changes. Additionally, unlike alternative offerings, all vulnerability results are verified by the WhiteHat Threat Research Center (TRC) security experts to remove false positives. Plus, the platform provides direct support access to TRC engineers through its “Ask a Question” feature.
“This customer understands the true value of integrating security into DevOps, and the collective power that development and security teams have when they collaborate on application security using the right SAST and DAST solution,” said Matthew Handler, chief revenue officer at WhiteHat Security. “It’s exciting to see them taking full advantage of features like Directed Remediation and ‘Ask a Question’ to dramatically bring down the time it takes to fix a vulnerability. These features not only provide patches and guidance to fix flaws quickly, but they also provide ongoing appsec education that, over time, can create a dramatic positive effect on the organization’s overall security posture.”
About WhiteHat Security
WhiteHat Security has been in the business of securing applications for 17 years. In that time, we’ve seen applications evolve and become the driving force of the digital business, but they’ve also remained the primary target of malicious hacks. The award-winning WhiteHat Application Security Platform is a cloud service that allows organizations to bridge the gap between security and development to deliver secure applications at the speed of business. For more information on WhiteHat Security, please visit www.whitehatsec.com, and follow us on Twitter, LinkedIn and Facebook.