Virtualization Technology News and Information
Major Los Angeles Government Agency Selects WhiteHat Security for Application Security
WhiteHat Security has announced a major Los Angeles public government agency has fully operationalized the WhiteHat Application Security Platform to secure its production websites as well as applications in development. With WhiteHat Security, the agency is now bringing security into their DevOps processes and securing applications across the entire software development lifecycle (SDLC). Using the combination of WhiteHat's dynamic application security testing (DAST) and static application security testing (SAST) solutions has had a positive impact not only on the organization's security posture, but it has also educated and enabled its entire DevOps team. 

Following an in-depth review process, the government agency deployed WhiteHat Sentinel Source, a SAST solution, to ensure security is addressed early in the SDLC. Sentinel Source offers the agency the proof of concept for a vulnerability as well as the exact locations and syntax of the flaw in the code by line item. As part of the solution, the agency makes full use of Directed Remediation, a unique and patented WhiteHat Sentinel Source feature that provides targeted and customized fixes as well as ready-to-implement code patches for common vulnerabilities. Directed Remediation provides a patch snippet and explanation, which is forwarded to the development team.

"When we started using Directed Remediation with Sentinel Source, it was a difference of night and day," said the agency's security analyst. "Through the proof of concept and an explanation of the remediation solution, WhiteHat helped to quantify and prioritize developer time, allowing them to go right into the deployment and patch testing. Clicking a link to apply a patch has reduced our time to fix vulnerabilities from over six weeks to less than an hour each."

The agency has also deployed WhiteHat Sentinel Dynamic, a DAST product, which is used as an ‘always-on' risk assessment to continuously scan websites for vulnerabilities and potential code changes. Additionally, unlike alternative offerings, all vulnerability results are verified by the WhiteHat Threat Research Center (TRC) security experts to remove false positives. Plus, the platform provides direct support access to TRC engineers through its "Ask a Question" feature.

"This customer understands the true value of integrating security into DevOps, and the collective power that development and security teams have when they collaborate on application security using the right SAST and DAST solution," said Matthew Handler, chief revenue officer at WhiteHat Security. "It's exciting to see them taking full advantage of features like Directed Remediation and ‘Ask a Question' to dramatically bring down the time it takes to fix a vulnerability. These features not only provide patches and guidance to fix flaws quickly, but they also provide ongoing appsec education that, over time, can create a dramatic positive effect on the organization's overall security posture."

Published Thursday, May 31, 2018 9:06 AM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<May 2018>