Connect with us

Hi, what are you looking for?


Application Security

WhiteHat Security Launches Static Application Security Testing Solution

WhiteHat Security, a Santa Clara, California based company best known for its Web application security testing solutions, today launched “Sentinel Source”, a new Static Application Security Testing (SAST) solution that helps developers and security teams with continuous concurrent code assessments.

WhiteHat Security, a Santa Clara, California based company best known for its Web application security testing solutions, today launched “Sentinel Source”, a new Static Application Security Testing (SAST) solution that helps developers and security teams with continuous concurrent code assessments.

Sentinel Source adds to WhiteHat’s existing Web security platform and helps manage the entire software development lifecycle, helping to secure application code as it’s written and improve developer skills surrounding security issues.

WhiteHat Security LogoThe company says Sentinel Source has the ability to track source code development for vulnerabilities in real-time and offers complete integration with its Dynamic Application Security Testing (DAST) product line that assesses sites in production and pre-production.

The technology behind Sentinel Source comes primarily as a result of WhiteHat’s June 2011 acquisition of Infrared Security, a company specializing in application security consultation and the development of static analysis technologies. As part of the acquisition, WhiteHat brought Infrared Security’s management on board, including Eric Sheridan who serves as Chief Scientist for the company’s Static Code Analysis Division, and Jerry Hoff who now serves as vice president of the division. Following the acquisition, over the next year, Sheridan and Hoff worked with the WhiteHat team on the integration of the SaaS-based static testing solution into the WhiteHat Sentinel product line, ultimately leading to today’s launch.

As organizations add more functionality to online applications developers are challenged in keeping applications secure. With Sentinel Source, WhiteHat says developers and security teams can test Web applications as they are developed, returning code remediation data to IT and developers to address security issues that matter most earlier in the development lifecycle, reducing risk, cost and resource-strain.

Other features and benefits that WhiteHat Sentinel Source offers include:

Continuous, Concurrent and On-Demand: Code assessments may be queried as soon as new pieces are uploaded and are also performed continuously to identify if new vulnerabilities are created as development progresses

On-Premise Scanning: Preserves integrity of intellectual property by performing all assessments without compiled source code leaving internal networks by providing an on-site appliance or virtual machine

Advertisement. Scroll to continue reading.

SaaS-Based Solution: Streamlines deployment and delivers vulnerability management and reporting via the unified Sentinel dashboard

No False-Positives: Through WhiteHat Security’s Threat Research Center, Sentinel Source assessments are verified for exploitability so developers can efficiently address real problems

“Recent events have shown Web applications are the new front-line of businesses and that developers now play a key role in not only growing the business, but protecting it as well,” said Jerry Hoff.

Sentinel Source is available immediately and includes Sentinel Baseline Edition (BE) which helps ensure applications continue to be monitored after deployment.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

While there are many routes to application security, bundles that allow security teams to quickly and easily secure applications and affect security posture in...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.