WhiteHat Sentinel Source Standard and Essentials Editions have received the
highest OWASP Benchmark for Security Automation accuracy ratings of all static
application security testing (SAST) solutions compared publicly.

The OWASP Benchmark is a free and open testing suite that evaluates
how automated software vulnerability detection tools stack up in those three
categories. It is considered neutral, well-respected and a true indicator of
accuracy when comparing solutions. It calculates an overall score for a tool
based on both true positive rate and false positive rate.

According to the most recent SAST evaluations, Sentinel Source Standard
Edition (SE), WhiteHat Security's full SAST offering
that covers the deployment phase of the software life cycle (SLC), scored 77
percent, and Sentinel Source Essentials Edition (EE), which provides SAST for
the DevOps build/test phase, received a 42 percent accuracy rating. For
reference, the commercial average totaled just 26 percent.

The Sentinel Source SE solution scans applications' entire source code,
identifies vulnerabilities and provides
detailed descriptions and remediation advice, as well as precise,
ready-to-implement remediation solutions for certain vulnerabilities. The SE
also comes with Threat Research Center-verified findings focused on high
coverage and accuracy and delivered within 24 hours.

Sentinel Source EE's findings are comprehensive
and highly accurate due to the use of WhiteHat Security's Attack Vector
Intelligence (AVI) technology, which is a combination of human and machine
intelligence. WhiteHat Security has the largest database of verified security
vulnerabilities, which helps its AVI technology improve its
accuracy. Discovered vulnerabilities are prioritized according to their
severity, thus providing guidance on what should be remediated first.

"Having our experienced and efficient Threat Research Center engineers
thoroughly vet
vulnerabilities often saves organizations time compared to providing raw
results fast that contain false positives," said Monier Jalal, WhiteHat
Security's vice president of Products. "However, with the release of Sentinel
Source EE, WhiteHat Security is the only vendor that offers customers the
choice of full-service verification, or the 'do it yourself' approach.
Adversaries are targeting vulnerable applications at an alarming rate, and the
OWASP Benchmark accuracy ratings further show how WhiteHat Security is leading
the effort to stem the tide of this alarming trend in the digital era."