WhiteHat Security, a Santa Clara, California-based company best known for its Web application security testing solutions, today launched “Sentinel Source”, a new Static Application Security Testing (SAST) solution that helps developers and security teams with continuous concurrent code assessments.
Sentinel Source adds to WhiteHat’s existing Web security platform and helps manage the entire software development lifecycle, helping to secure application code as it’s written and improve developer skills surrounding security issues.
The company says Sentinel Source can track source code development for vulnerabilities in real time and offers complete integration with its Dynamic Application Security Testing (DAST) product line, which assesses sites in production and pre-production.
The technology behind Sentinel Source comes primarily as a result of WhiteHat’s June 2011 acquisition of Infrared Security, a company specializing in application security consultation and the development of static analysis technologies. As part of the acquisition, WhiteHat brought Infrared Security’s management on board, including Eric Sheridan, who serves as Chief Scientist for the company’s Static Code Analysis Division, and Jerry Hoff, who now serves as vice president of the division. Over the year following the acquisition, Sheridan and Hoff worked with the WhiteHat team on integrating the SaaS-based static testing solution into the WhiteHat Sentinel product line, ultimately leading to today’s launch.
As organizations add more functionality to online applications, developers are challenged to keep those applications secure. With Sentinel Source, WhiteHat says developers and security teams can test Web applications as they are developed, returning code remediation data to IT and developers so they can address the security issues that matter most earlier in the development lifecycle, reducing risk, cost and resource strain.
Other features and benefits that WhiteHat Sentinel Source offers include:
• Continuous, Concurrent and On-Demand: Code assessments may be queried as soon as new pieces are uploaded and are also performed continuously to identify whether new vulnerabilities are created as development progresses
• On-Premise Scanning: Preserves the integrity of intellectual property by performing all assessments on an on-site appliance or virtual machine, without compiled source code leaving internal networks
• SaaS-Based Solution: Streamlines deployment and delivers vulnerability management and reporting via the unified Sentinel dashboard
• No False-Positives: Through WhiteHat Security’s Threat Research Center, Sentinel Source assessments are verified for exploitability so developers can efficiently address real problems
“Recent events have shown Web applications are the new front-line of businesses and that developers now play a key role in not only growing the business, but protecting it as well,” said Jerry Hoff.
Sentinel Source is available immediately and includes Sentinel Baseline Edition (BE), which helps ensure applications continue to be monitored after deployment.