• Support   |   Contact a Representative   |   Contact WhiteHat

• Website Risk Management
  • Asset Identification
  • Vulnerability Management
  • Reporting/Communication
  • Protection
• Sentinel Services
  • Cost-effective Solution
  • Benefits
  • Core Features
  • Selection Guidelines
  • Sentinel Premium Edition
  • Sentinel Standard Edition
  • Sentinel Baseline Edition
  • Sentinel for QA
  • PCI Compliance
  • Integration – via XML API
  • Certification Program
  • How Sentinel Works
  • WAF Integration
• Support Plus
  • Gold Service Level
  • Silver Service Level
  • Standard Service Level
  • Service Levels
• Education Services
  • Guidelines
  • Intro to Web App Security
  • Secure Coding for Java
  • .NET
• Events & News
  • News Coverage
  • Press Releases
  • Interviews
  • Awards
• Resources
  • Whitepapers
  • Webinars & Presentations
  • Jeremiah Grossman Blog
  • Website Statistics Report
  • Website Security Glossary
• Partners
  • Strategic Partners
  • Partner Application Form
  • Partner Portal Login
• About WhiteHat Security
  • Leadership Team
  • Board of Directors
  • Careers
  • Contact Us
  • Support

• Partners
•    Strategic Partners
•    Partner Application Form
•    Partner Portal Login

F5 Networks – integrated WAF solution

F5’s open iControl® API provides the integration between WhiteHat Sentinel’s industry-leading website vulnerability management service and F5 BIG-IP® ASM’s (Application Security Manager™) award-winning Web application firewall (WAF).

The integrated solution brings the entire industry to a new level of website protection—with extreme accuracy and efficiency. Customers have been waiting for a solution that delivers on the promise of rapid identification and immediate mitigation of vulnerabilities. The WhiteHat /F5 alliance makes complete website security simpler than ever for security professionals and developers.

The linkage between WhiteHat Sentinel and BIG-IP ASM completes the loop from vulnerability checking and detection to remediation of specific vulnerabilities using the BIG-IP ASM remediation process. The end result is total
website security:

• Increased protection via the rapid identification of website vulnerabilities – false positives are virtually eliminated
  
  
• Highly targeted vulnerability remediation (virtual patching) via BIG-IP ASM, keeping bad traffic out and letting good traffic in
  
  
• Simplified management:
  – WhiteHat filters and validates the data to provide only actionable results
  – WhiteHat continually updates and refines its vulnerability information
  to stay on top of the latest attack vectors.

A critical component of the Sentinel Service is to require WhiteHat Security Operations Team to verify the accuracy of every identified vulnerability, creating a highly precise vulnerability database for specific website's. As a result, the
WAF rules generated are “laser focused,” and as such, enable companies to use their WAFs in block mode without the fear of blocking good traffic. (Currently, companies rarely use their WAFs in block mode for this very reason.)

Through the F5 iControl API, WhiteHat Sentinel will be able to directly configure policies on the BIG-IP ASM product to protect against vulnerability exploits (e.g., Cross-site Scripting, SQL Injection) found during the scanning process.
Customers can apply a “virtual patch” to their site immediately, mitigating the current risk and then addressing the root issues as time and budgets allow.