Additional Info

Company size (employees)300+
Headquarters RegionNorth America


WhiteHat Security Sentinel is a SaaS platform that enables businesses to quickly deploy a scalable application security program across the entire software development lifecycle. By combining a scalable application-scanning platform with the world’s largest Threat Research Center (TRC), Sentinel identifies where organizations are vulnerable with near-zero false positives or false negatives. Sentinel provides customers with the most intelligent, risk-based, effective solution that can scale to meet any demand.

The WhiteHat Security TRC is a dedicated team of 150+ top security experts who provide ongoing verification of all vulnerabilities. Operating as an extension of our customers’ security teams, TRC experts set up and configure scans, verify all vulnerabilities, provide detailed descriptions and remediation guidance for vulnerabilities and are available to answer questions from within the Sentinel interface.

Sentinel’s three offerings:

1. Dynamic Application Security Testing (DAST): Sentinel Dynamic is a cloud-based platform that is easy to deploy and can continuously and concurrently scan an unlimited number of sites without slowing you down. Offering true continuous assessment, Sentinel Dynamic constantly scans a website as it evolves, offering an “always-on” risk assessment.

2. Static Application Security Testing (SAST): Sentinel Source scans entire (or partial) source code, identifies vulnerabilities and provides detailed vulnerability descriptions and remediation advice, as well as precise, ready-to-implement remediation solutions for certain vulnerabilities.

3. WhiteHat Sentinel Mobile: Cutting-edge mobile application security testing employs a combination of dynamic and static automated scanning, and manual mobile assessments by our TRC security engineers.

This experience and expertise in application security enables WhiteHat to publish two unique yearly reports: Our Web Applications Security Statistics Report and Top 10 Web Hacking Techniques. The Security Statistics Report is a yearly update illustrating the state of application security across various industries. Top 10 Web Hacking Techniques is an annual security community initiative driven by WhiteHat Security experts.

How we are different

• Hack Yourself First – with Analytics: We help secure the web by finding application vulnerabilities in the source code all the way through production, and help companies get them fixed before the bad guys exploit them. We perform assessments pit-crew style via our Threat Research Center, which enables unparalleled efficiency and vulnerability coverage. Because we assess our customers’ websites constantly, we are able to collect and present data analytics essential to measurably improving defenses. The WhiteHat Security Index (WSI) provides a visual overview of the robustness of customer websites with one score to monitor and manage your overall application security posture. WSI tracks real-time and historical data to measure risk exposure over time. A Peer Benchmarking dashboard displays a comparison of key metrics including number of open vulnerabilities, average time-to-fix, and average remediation rates, so customers can see how their application security posture measures up to industry and global averages.

• Full SDLC Coverage: Scalable, comprehensive application security at all stages of the SDLC, with SAST, DAST, mobile AST, and developer training. All results and reporting are available from one unified WhiteHat Sentinel interface. Our continuous DAST and SAST application security assessments are fast and well suited for today's agile development workflows, including deep integration into the DevOps process through IDEs, CI and build systems, and ALM tools.

• Plays well with others: WhiteHat actively seeks out technology partnerships where we can contribute APIs to secure a customer’s network. We work with all the major Web Application Firewall vendors, Prevoty’s Runtime Application Self-Protection solution, and multiple Vulnerability Management and Business Intelligence platforms. We also participate in FS-ISAC, OASIS, and OWASP.