• ::  Contact a Representative  ::  Information Center   ::  Contact WhiteHat  ::

• Home
• Sentinel Services
• Events & Webinars
• In the News
• Resources
•    Whitepapers
•    Videos & Presentations
•    Jeremiah Grossman Blog
•    Statistics Report
•    Sentinel Update
• Real-World Solutions
• Partners
• Support
• About WhiteHat

Whitepapers :: Technical Brief

:: NEW :: Software-as-a-Service Brief vs. "Do-it-Yourself" with a Web Application Scanner – Technical Brief :: January 2008

Software-as-a-Service (SaaS) is the efficient, modern way of delivering applications and securing them. Google, Salesforce.com, Amazon, and many other forward thinking companies have set the stage for SaaS adoption. Payroll, email, spam & malware filtering, CRM, financial services, order processing, and even network vulnerability management are popular solutions already rapidly taking advantage of the SaaS model. The economics and business efficiencies are simply too compelling to pass up. As the industry leader for website vulnerability management delivered via SaaS, WhiteHat Security is demonstrating its value to the enterprise.

Websites are the #1 Target – and They are Vulnerable
Having the most efficient website vulnerability management process possible is vital because if you research any industry vulnerability report or ask any security expert, they will tell you the Web application layer is the number one target for malicious attacks. The recently published SANS Top-201 for 2007 has this to say:
“Although half the total vulnerabilities reported in 2007 are in Web applications, it’s only the tip-of-the-iceberg. These data exclude vulnerabilities in custom developed Web applications. Compromised Web sites provide avenues for massive client-side compromises via Web browser, office documents, and media player exploits.”
WhiteHat Security’s own research2 from weekly assessments of hundreds of the largest and most popular public-facing and pre-production websites confirms this fact: 9 out 10 websites have vulnerabilities. This hasn’t gone unnoticed by the credit-card brands as criminals are compromising websites and snatching card numbers by the millions. The Payment Card Industry Data Security Standard (PCI-DSS)3 has mandated application code reviews or application layer firewalls by June of 2008. To stay ahead of the bad guys and maintain compliance, there’s just one way – SaaS.

Download Whitepaper ›››

• :: 2008 © Copyright WhiteHat Security, Inc.  ::  408.343.8300   ::   3003 Bunker Hill Lane, Santa Clara, CA 95054   ::   Contact the Webmaster   ::