WhiteHat Sentinel Source Standard and Essential Editions have received the highest OWASP Benchmark for Security Automation accuracy ratings of all static application security testing (SAST) solutions compared publicly.

The OWASP Benchmark is a free and open testing suite that evaluates how automated software vulnerability detection tools stack up in those three categories. It is considered neutral, well-respected and a true indicator of accuracy when comparing solutions. It calculates an overall score for a tool based on both true positive rate and false positive rate.

According to the most recent SAST evaluations, Sentinel Source Standard Edition (SE), WhiteHat Security's full SAST offering that covers the deployment phase of the software life cycle (SLC), scored 77 percent, and Sentinel Source Essentials Edition (EE), which provides SAST for the DevOps build/test phase, received a 42 percent accuracy rating. For reference, the commercial average totaled just 26 percent.

The Sentinel Source SE solution scans applications' entire source code, identifies vulnerabilities and provides detailed descriptions and remediation advice, as well as precise, ready-to-implement remediation solutions for certain vulnerabilities. The SE also comes with Threat Research Center-verified findings focused on high coverage and accuracy and delivered within 24 hours.

Sentinel Source EE's findings are comprehensive and highly accurate due to the use of WhiteHat Security's Attack Vector Intelligence (AVI) technology, which is a combination of human and machine intelligence. WhiteHat Security has the largest database of verified security vulnerabilities that helps WhiteHat Security's AVI technology improve its accuracy. Discovered vulnerabilities are prioritized according to their severity, thus providing guidance on what should be remediated first.

"Having our experienced and efficient Threat Research Center engineers thoroughly vet vulnerabilities often saves organizations time compared to providing raw results fast that contain false positives," said Monier Jalal, WhiteHat Security's vice president of Products. "However, with the release of Sentinel Source EE, WhiteHat Security is the only vendor that offers customers the choice of full-service verification, or the ‘do it yourself' approach. Adversaries are targeting vulnerable applications at an alarming rate, and the OWASP Benchmark accuracy ratings further show how WhiteHat Security is leading the effort to stem the tide of this alarming trend in the digital era."