WhiteHat Security has announced that a major Los Angeles public government
agency has fully operationalized the WhiteHat Application Security Platform to
secure its production websites as well as applications in development. With
WhiteHat Security, the agency is now bringing security into its DevOps
processes and securing applications across the entire software development
lifecycle (SDLC). Using the combination of WhiteHat's dynamic application
security testing (DAST) and static application security testing (SAST)
solutions has not only had a positive impact on the organization's security
posture, but has also educated and enabled its entire DevOps team.

Following an in-depth review process, the government agency deployed WhiteHat
Sentinel Source, a SAST solution, to ensure security is addressed early in
the SDLC. Sentinel Source offers the agency the proof of concept for a
vulnerability as well as the exact locations and syntax of the flaw in the code
by line item. As part of the solution, the agency makes full use of Directed
Remediation, a unique and patented WhiteHat Sentinel Source feature that
provides targeted and customized fixes as well as ready-to-implement code
patches for common vulnerabilities. Directed Remediation provides a patch
snippet and explanation, which is forwarded to the development team.

"When we started using Directed Remediation with Sentinel
Source, it was a difference of night and day," said the agency's security
analyst. "Through the proof of concept and an explanation of the remediation
solution, WhiteHat helped to quantify and prioritize developer time, allowing
them to go right into the deployment and patch testing. Clicking a link to
apply a patch has reduced our time to fix vulnerabilities from over six weeks
to less than an hour each."

The agency has also deployed WhiteHat Sentinel Dynamic, a DAST product, which
is used as an 'always-on' risk assessment to continuously scan websites for
vulnerabilities and potential code changes. Additionally, unlike alternative
offerings, all vulnerability results are verified by the WhiteHat Threat
Research Center (TRC) security experts to remove false positives. Plus, the
platform provides direct support access to TRC engineers through its
"Ask a Question" feature.

"This customer understands the true value of integrating
security into DevOps, and the collective power that development and security
teams have when they collaborate on application security using the right SAST
and DAST solution," said Matthew Handler, chief revenue officer at
WhiteHat Security. "It's exciting to see them taking full advantage of features
like Directed Remediation and 'Ask a Question' to dramatically bring down the
time it takes to fix a vulnerability. These features not only provide patches
and guidance to fix flaws quickly, but they also provide ongoing appsec
education that, over time, can create a dramatic positive effect on the
organization's overall security posture."