WhiteHat News Feed

WhiteHat Assesses Leading E-Commerce Platform

marketing@whitehatsec.com — 2007-02-20T08:00:38-08:00

AspDotNetStorefront Successfully Completes Security Assessment with WhiteHat Security

WhiteHat Sentinel Provides Timely, Comprehensive Website Vulnerability Assessment
of E-Commerce Shopping Cart Platform

SANTA CLARA, CA.—February 20, 2007—WhiteHat Security, Inc., a
leading provider of website vulnerability management services, today
announced that AspDotNetStorefront recently completed a comprehensive
vulnerability assessment of its e-commerce shopping cart platform using
WhiteHat Sentinel.

As a provider of a storefront platform in use by more than 3,500 Web
developers, and more than 5,000 customers including McDonald’s and Crocs,
AspDotNetStorefront is committed to providing the state of the art e-
commerce platform built on asp.net technologies. The Company selected
WhiteHat Sentinel, WhiteHat Security’s subscription, Web-based vulnerability
management service, to ensure customers and developers a secure platform
for their e-commerce activity.

Website security issues pose unique challenges to today’s enterprises. As
website vulnerabilities become increasingly prevalent, with 8 out of 10 sites
exploitable, the volume of website attacks has also increased. With no
formal industry processes or best practices for ensuring website security,
vulnerability issues have made it easier for hackers to attack and harder for
enterprises to protect against them.

WhiteHat Sentinel helps organizations identify, prioritize, manage and
remediate all website vulnerabilities with accuracy and confidence. It is the
only solution to combine proprietary scanning technology with custom testing
by a team of leading security experts to provide timely, complete and verified
vulnerability information. Only WhiteHat Sentinel looks for all 24 classes of
vulnerabilities identified by the Web Application Security Consortium’s
(WASC) threat classification.

“Since the company’s inception, AspDotNetStorefront has taken great pride
in building secure Web applications, and has consistently gone above and
beyond industry standard security practices,” said Robert Anderson, CEO of
AspDotNetStorefront. “Our decision to partner with WhiteHat reflects our
endorsement of WhiteHat’s proactive approach towards the detection of
potential security threats. We are pleased to provide our clients with this
additional layer of security.”

Anderson continued, “We selected WhiteHat Sentinel because we felt
WhiteHat’s comprehensive services were complementary to our culture of
proactively addressing potential threats and thwarting them before they have
an opportunity to cause damage, as well as to continue to provide our
leadership position in asp.net e-commerce shopping cart technology that
customers can count on.”

The WhiteHat Sentinel Service conducts hundreds of assessments for real-
world websites every month, each providing a unique and current
perspective into custom Web applications and vulnerability trends.
WhiteHat’s access to timely, cumulative Web application security data helps
AspDotNetStorefront achieve a clear view of the security issues affecting its
websites.

“We are pleased to support AspDotNetStorefront in its commitment to ensure
website security and integrity,” said Stephanie Fohn, CEO, WhiteHat
Security. “WhiteHat is proud to offer an easy-to-implement, easy-to-
manage, and cost-effective managed service that addresses the complete
spectrum of attack vectors used to exploit website vulnerabilities.”

About AspDotNetStorefront
AspDotNetStorefront.com, a Division of Discovery Productions, Inc, a
privately held company headquartered at 13104 N 145th Way, Scottsdale,
Arizona 85259 provides asp.net e-commerce shopping cart platforms for over
5,000 merchants and 3,500 asp.net developer partners. For more
information, visit www.aspdotnetstorefront.com or call 602-490-0243.

About WhiteHat Security, Inc.
Headquartered in Santa Clara, California, WhiteHat Security is a leading
provider of website vulnerability management services. WhiteHat delivers
turnkey solutions that enable companies to secure valuable customer data,
comply with industry standards and maintain brand integrity. WhiteHat
Sentinel, the company’s flagship service, is the only solution that
incorporates expert analysis and industry-leading technology to provide
unparalleled coverage to protect critical data from attacks. For more
information about WhiteHat Security, please visit our website,
www.whitehatsec.com.

###

See Jeremiah Grossman at RSA 2007

marketing@whitehatsec.com — 2007-01-29T09:46:34-08:00

JEREMIAH GROSSMAN OF WHITEHAT SECURITY TO PRESENT
“HACKING INTRANET WEBSITES FROM THE OUTSIDE” AT RSA CONFERENCE

WhiteHat’s Founder and CTO to Deliver Technical Presentation Demonstrating the
Latest Web Threats at the 2007 RSA Conference

Who: Jeremiah Grossman, CTO and Founder of WhiteHat Security, a leading provider of website vulnerability management services

What: Session: Hacking Intranet Websites From the Outside (Session code: HT2-107)

When: Tuesday February 6, at 4:10-5:20p.m. PST

Where: RSA Conference – Green Room 104

WhiteHat Security today announced that Jeremiah Grossman, the Company’s founder and CTO, will lead a technical session at this year’s RSA Conference in San Francisco. The presentation, “Hacking Intranet Websites from the Outside,” will address the increasing prevalence of Javascript malware, the threats associated with it, why organizations must understand it and how they can defend against it.

Session learning objectives include:
• How a user is first infected or attacked using a malicious Web page or Cross-Site Scripting vulnerability;
• How a Web browser can be completely controlled or monitored remotely;
• How a Web browser can be used as a stepping stone to perform network reconnaissance on internal networks; and,
• How to exploit internal machines using a compromised Web browser.

Grossman will demonstrate a wide variety of cutting-edge website attack techniques and describe best practices for securing websites and users against these threats, including:
• Port scanning and attacking intranet devices using JavaScript;
• Blind Web server fingerprinting using unique URLs;
• Discovery NAT'ed IP addresses with Java Applets;
• Stealing Web browser history with Cascading Style Sheets;
• Best-practice defense measures for securing Websites; and,
• Essential habits for safe Web surfing.

In addition to his position at WhiteHat, Jeremiah Grossman is a world-renowned expert in website vulnerability management and a founding member of the Web Application Security Consortium (WASC). He is a frequent speaker at industry events including the Black Hat Briefings, ISACA’s Network Security Conference, NASA, the Air Force and Technology Conference, ISSA and Defcon. Grossman is also a featured expert and frequent contributor on TechTarget’s SearchAppSecurity.com site.

About WhiteHat Security
Headquartered in Santa Clara, California, WhiteHat Security is a leading provider of website vulnerability management services. WhiteHat delivers turnkey solutions that enable companies to secure valuable customer data, comply with industry standards and maintain brand integrity. WhiteHat Sentinel, the company’s flagship service, is the only solution that incorporates expert analysis and industry-leading technology to provide unparalleled coverage to protect critical data from attacks. For more information about WhiteHat Security, please visit our website, www.whitehatsec.com.

###

WhiteHat Achieves Record Growth

marketing@whitehatsec.com — 2007-01-22T15:25:26-08:00

WhiteHat Security Kicks Off 2007 with Record Growth and Momentum

Company Tripled Sales Bookings, Doubled Employees and Expanded Headquarters in 2006

[Download ]

SANTA CLARA, CA.—January 22, 2007—WhiteHat Security, Inc., a leading provider of website vulnerability management services, today announced accelerated growth and momentum in 2006. The company closed a record-setting fiscal year by tripling its client roster, including the addition of 10 Fortune 500 companies, and increasing its sales by 300 percent over the previous year.

During 2006, WhiteHat Security experienced a four-fold increase in the number of websites under management, securing its position as a market leader. The company attributes its momentum to the continued adoption of WhiteHat Sentinel, its website vulnerability management service. WhiteHat Sentinel is the only service that integrates expert analysis and industry-leading technology to provide unparalleled coverage. In addition, 2006 brought continued penetration in key industries including financial services, healthcare and e-commerce.

“WhiteHat’s growth in the market is exciting and validates the fact that website vulnerability management is a service in demand now more than ever,” said Ho Nam, general partner and co-founder, Altos Ventures. “WhiteHat’s increasing customer base is a testament to the Company’s brand and promise of delivering complete website vulnerability management controlled by customers and managed by experts.”

Further augmenting the Company’s significant corporate growth and market momentum, WhiteHat doubled its number of employees with additions across the board in operations, development, sales, marketing and quality assurance. The increased employee base resulted in the addition of three new regional offices in 2006 and plans for a larger corporate headquarters that will double the current physical size in early 2007. WhiteHat also added four U.S. channel partners to its network, thereby expanding the distribution of the Company’s services.

“We are quite pleased with our market traction and performance in 2006,” said Stephanie Fohn, CEO of WhiteHat Security. “Of our new customers, 10 are in the Fortune 500, further validating the trend that companies of all sizes are adopting website vulnerability management as a standard within their organizations. As more and more organizations recognize the need for comprehensive, timely and cost effective website security, we anticipate continued adoption of the WhiteHat Sentinel Service and rapid corporate growth.

WhiteHat Sentinel reduces the burden of securing websites with an ongoing service that provides up-to-date and comprehensive identification of the vulnerabilities that are putting online customer and corporate data at risk. It is the only solution that can assess for all 24 classes of vulnerabilities identified by the Web Application Security Consortium’s (WASC) threat classification, a critical component of comprehensive website security.

About WhiteHat Security, Inc.
Headquartered in Santa Clara, California, WhiteHat Security is a leading provider of website vulnerability management services. WhiteHat delivers turnkey solutions that enable companies to secure valuable customer data, comply with industry standards and maintain brand integrity. WhiteHat Sentinel, the company’s flagship service, is the only solution that incorporates expert analysis and industry-leading technology to provide unparalleled coverage to protect critical data from attacks. For more information about WhiteHat Security, please visit our website, www.whitehatsec.com.

###

WhiteHat Launches Trade-Up Program

marketing@whitehatsec.com — 2007-01-09T08:11:37-08:00

WhiteHat Security Announces Risk-Free Competitive Trade-Up Program

Company Invites Users to Trade-In Legacy Website Scanning Products for Complete Website Vulnerability Management Service

SANTA CLARA, CA.—January 9, 2007—WhiteHat Security, Inc., a leading provider of website vulnerability management services, today announced a risk-free Trade-Up program that allows users of Acunetix, Cenzic, SPI Dynamics and Watchfire website scanning software to trade-in their legacy products for a $10,000 credit toward a year subscription to the WhiteHat Sentinel Service. The WhiteHat Sentinel Service is the only website vulnerability management service that incorporates expert analysis and industry-leading technology to provide unparalleled coverage to protect critical data from attacks.

WhiteHat Sentinel reduces the burden of securing websites with an on-going service that provides up-to-date and comprehensive identification of the vulnerabilities that are putting online customer and corporate data at risk. It is the only solution that can assess for all 24 classes of vulnerabilities identified by the Web Application Security Consortium’s (WASC) threat classification

“Today, enterprises are facing a proliferation of Web vulnerability issues, many of which cannot be found by legacy scanners. Now more than ever, they need to be confident that proprietary customer data on websites is protected from hackers,” said Stephanie Fohn, CEO of WhiteHat Security. “WhiteHat is proud to offer organizations a proven, enterprise-class solution that is easy to implement, easy to manage and delivers the most comprehensive coverage available.”

WhiteHat Security Trade-Up Program Details:
Customers can trade-in legacy website scanning product(s), up to three “seats” or web applications per customer, to receive a $10,000 credit (per seat) towards a year’s subscription to the WhiteHat Sentinel service.
Eligible trade-in products include:
• Web Vulnerability Scanner from Acunetix;
• Hailstorm from Cenzic;
• WebInspect, DevInspect, or QAInspect from SPI Dynamics; and,
• AppScan from Watchfire.

To learn more about WhiteHat Sentinel and register for the promotion, please visit http://www.whitehatsec.com/home/TradeUp/TradeUp.html.

To read the Whitepaper, Automated Vulnerability Scanning and the OWASP Top Ten, authored by Jeremiah Grossman, WhiteHat Founder and Chief Technology Officer, please visit click here.

Conditions:
• This offer is available January 1st – March 31st, 2007.

About WhiteHat Security, Inc.
Headquartered in Santa Clara, California, WhiteHat Security is a leading provider of website vulnerability management services. WhiteHat delivers turnkey solutions that enable companies to secure valuable customer data, comply with industry standards and maintain brand integrity. WhiteHat Sentinel, the company’s flagship service, is the only solution that incorporates expert analysis and industry-leading technology to provide unparalleled coverage to protect critical data from attacks. For more information about WhiteHat Security, please visit our website, www.whitehatsec.com.

WhiteHat Releases Risk Report

marketing@whitehatsec.com — 2006-11-15T14:17:39-08:00

WhiteHat Security Releases Web Application Security Risk Report Identifying the Top Vulnerabilities

First-of-its-Kind List Provides Enterprises with Actionable Information to Raise Awareness of Web Application Threats

SANTA CLARA, CA.—November 15, 2006—WhiteHat Security, Inc., a leading provider of Web application security services, today announced the availability of its inaugural Web Application Security Risk Report. The report, which offers a high-level view of vulnerabilities affecting enterprise Websites, focuses primarily on e-commerce, financial services, healthcare and high-tech sites and explains the percentage likelihood of vulnerability classes existing within these sites. This first-of-its-kind report will be published quarterly beginning in January 2007.

Web applications have quickly become the top target for malicious attacks. WhiteHat research reveals that eight out of ten Websites have serious flaws, including Cross-Site Scripting and SQL Injection, making them susceptible to criminals looking to cash in on cyber crime. Common business logic flaws, such as insufficient authorization, that are often undetected but can lead to customer account compromise, top the list as well.

As Web application vulnerabilities are among the fastest growing and most serious threats, enterprises turn to WhiteHat Security’s Sentinel service for continuous and comprehensive Web application assessments. It is the assessment of hundreds of real-world Websites each month that affords WhiteHat a unique and current perspective into custom Web applications and vulnerability trends. As the only company with access to timely, cumulative Web application security data, sharing its findings will enable enterprises to gain a clearer picture of the security issues affecting their Websites today. This data will also help companies realize the possible business impact of these attacks and how to prevent them from occurring.

WhiteHat Security uses the Web Application Security Consortium (WASC) threat Classification of 24 Web application vulnerability classes as a baseline for classifying vulnerabilities. This standard ensures comprehensive coverage of the known types of Web application vulnerabilities. Unlike other methods of common vulnerability assessments in commercial and open source software, the WhiteHat data is compiled and aggregated into a database of previously unknown vulnerabilities in custom Web applications, keeping WhiteHat on the forefront of the latest vulnerability trends.

“We are excited to be able to offer this insight into the growing issue of Web application security,” said Jeremiah Grossman, Founder and Chief Technology Officer of WhiteHat Security. “We expect these quarterly reports to shed light on prevalent vulnerabilities and help enterprises combat them efficiently. Through this type of industry awareness we expect to see a decrease in the number and severity of vulnerabilities across the board, especially among businesses which take a proactive approach to protecting their Websites.”

About WhiteHat Security, Inc.
Headquartered in Santa Clara, California, WhiteHat Security is a leading provider of web application security services. WhiteHat delivers turnkey solutions that enable companies to secure valuable customer data, comply with industry standards and maintain brand integrity. WhiteHat Sentinel, the company’s flagship service, provides continuous vulnerability assessment and management for web applications. For more information about WhiteHat Security, please visit our website, www.whitehatsec.com.

###

WhiteHat Security Debuts Sentinel 3.0

marketing@whitehatsec.com — 2006-10-23T09:00:09-07:00

[Download ]

WhiteHat Security Debuts Sentinel 3.0, the Next Evolution of the Industry’s On-Demand Vulnerability Assessment for Web Applications
- WhiteHat Sentinel 3.0 Provides Comprehensive, On-Going and Easy-To-Manage Vulnerability Assessment of Web Applications -

SANTA CLARA, CA.—October 23, 2006—WhiteHat Security, Inc., a leading provider of Web application security services, today announced WhiteHat Sentinel 3.0, the industry’s only continuous vulnerability assessment and management service for Web sites. Sentinel 3.0 reduces the burden of securing Web applications with an on-going service that provides up-to-date, and comprehensive identification of the vulnerabilities that are putting online customer and corporate data at risk. It is the only solution that can assess for all 24 classes of vulnerabilities identified by the Web Application Security Consortium’s (WASC) threat classification.

Web application security is inherently complex because the vast majority of e-commerce and interactive sites are created with custom code. Often, these sites change on a weekly or even daily basis, unlike commercial software products. WhiteHat Sentinel 3.0 enables assessment each time a Web site is changed or updated, and ensures the identification of existing and new vulnerabilities. This is accomplished through a three-step process - scanning, verification and custom testing. As part of this process, WhiteHat integrates expert analysis with proprietary scanning technology which delivers more in-depth results than scanning alone, since many of the most dangerous vulnerabilities can only be detected by this combined process. WhiteHat security engineers review all scanner findings to ensure accuracy and eliminate false positives.

Some of the key elements of Sentinel 3.0 include:
• One-click vulnerability retesting, for fast and easy confirmation of vulnerability remediation;
• Customized threat levels which streamline the remediation process by allowing customers to prioritize vulnerability repair;
• “Inspector,” (patent-pending) which enables WhiteHat to build a knowledgebase to look at defect patterns and immediately apply new discoveries on one site across the entire customer base;
• Web services API to directly integrate Sentinel vulnerability data with bug tracking systems or SIMs, and allow end-users to remain within their established framework system; and,
• Mapping to Payment Card Industry (PCI) vulnerability severity levels for simplified customer reporting.

WhiteHat Sentinel is a powerful platform based on a service-oriented architecture (SOA) that was built to assess hundreds, even thousands of the largest and most complex websites simultaneously. This scalability of both the methodology and the technology enable WhiteHat to streamline the process of Web application vulnerability assessment for customers. In addition, Sentinel 3.0’s unique Web-based customer interface provides real-time reporting for current vulnerability status at any time.

“ Companies need to comprehensively assess their websites every time they change, and Sentinel 3.0 is the only solution that provides this capability,” said Stephanie Fohn, chief executive officer, WhiteHat Security. “In addition, Sentinel 3.0 makes the entire process of managing website security much easier for the customer, by providing all the information necessary to quickly and efficiently remediate vulnerabilities.”

Industry Analysts Highlight Great Need to Mitigate Web Application Vulnerabilities.
"Given that applications, especially Web applications, are becoming a prime target of attackers, it is becoming imperative for enterprises to invest in vulnerability assessment solutions that identify and address the serious web application weaknesses. The critical Web application vulnerabilities need to be intelligently prioritized so they can be fixed," said Charles Kolodgy, research director for Security Products at IDC. "Large e-commerce, financial services and healthcare organizations, increasingly at risk to Web application attacks, should strongly consider evaluating security service offerings to address managing and mitigating Web application vulnerabilities."

With Sentinel 3.0, WhiteHat has enhanced its customer interface to provide users with easier access to information and greater control. To ensure customers are getting the most out of the service, WhiteHat has implemented an “Ask a Question” feature as part of the interface where users can submit questions regarding specific vulnerabilities. WhiteHat support can respond to and answer these customized questions, and also store them in a centralized repository for future access.

“Increasing amounts of data exposed via Web sites, combined with rapidly changing application code, necessitate continuous application assessment services,” said Bill Pennington, vice president of services, WhiteHat. “In addition to all of the new features and functionality of Sentinel 3.0, WhiteHat’s scalable technology and process enable us to provide on-going service to customers, regardless of whether they have one site or thousands.”

WhiteHat Sentinel 3.0 is currently available for an annual subscription fee with tiered pricing based on the number of Web applications. Contact the WhiteHat sales office at (408) 492-1817 for more information.

About WhiteHat Security, Inc.
Headquartered in Santa Clara, California, WhiteHat Security is a leading provider of web application security services. WhiteHat delivers turnkey solutions that enable companies to secure valuable customer data, comply with industry standards and maintain brand integrity. WhiteHat Sentinel, the company’s flagship service, provides continuous vulnerability assessment and management for web applications. For more information about WhiteHat Security, please visit our website, www.whitehatsec.com.

WhiteHat Names VP of Marketing

marketing@whitehatsec.com — 2006-10-10T22:04:41-07:00

[Download ]
WhiteHat Security Taps New Vice President of Marketing To Drive Strategy and Branding Initiatives
- Mark Hodgson, Former Director of Marketing Communications at Charles Schwab, Joins Management Team of Web Application Security Leader -

SANTA CLARA, CA—October 10, 2006—WhiteHat Security, Inc., a leading provider of Web application security services, today announced the addition of Mark Hodgson to the management team as vice president of marketing. Hodgson will be leading strategic marketing initiatives to ensure WhiteHat remains at the forefront of the Web application security space, driving useful research, new services and information to mitigate Web-based threats to corporate and customer data.
Hodgson brings more than 18 years of management experience in high-technology marketing, with particular knowledge of the information security space, to WhiteHat and will be responsible for leading the Company’s brand management, demand generation and research initiatives. He has tremendous expertise in building and driving customer-focused marketing organizations. Hodgson’s professional experience includes areas such as branding and positioning, Internet marketing and end-user market research.
“Mark’s proven track record of building brands, and knowledge of the evolving security market will help drive the growth of WhiteHat and transform how companies address Web application threats,” said Stephanie Fohn, chief executive officer of WhiteHat.
WhiteHat most recently announced enhanced offerings for WhiteHat Sentinel, its continuous vulnerability assessment and management service for Web applications. WhiteHat Satellite and the WhiteHat Web Services API enable customers and partners to expand their visibility into Web application vulnerabilities inside of corporate networks, and provide greater integration into the software development life cycle (SDLC). With additional company announcements and developments in the pipeline, Hodgson will help ensure WhiteHat’s solutions are marketed and positioned effectively.
Most recently, Hodgson worked at Charles Schwab as the director of marketing communications for Schwab Institutional, the division that supports the Registered Independent Advisor (RIA) community in the U.S. In this role, Hodgson was responsible for promoting the adoption of technology products and services to the RIAs, such as paperless document delivery, enhancements to its Web-trading platform, and online money movement.
Prior to Schwab, Hodgson held management-level positions at Symantec, SecurityFocus, BigFix, TiVo, and Hewlett-Packard. He will leverage his comprehensive experience in support of aggressive growth strategies for WhiteHat’s rapidly expanding business and focus on further development and expansion of the Company’s Web application solutions.

“One of the key drivers in my decision to join WhiteHat Security was the opportunity to work alongside industry heavyweights such as Stephanie Fohn and Jeremiah Grossman,” said Hodgson. “The chance to grow a company in its early stages in a critical market such as Web application security is intriguing to me and I am honored to be a part of it.”

Hodgson earned his Master of Business Administration with a concentration in international marketing at the University of Michigan, and his Bachelor of Arts in political science at the University of California, Berkeley.

About WhiteHat Security, Inc.
Headquartered in Santa Clara, California, WhiteHat Security is a leading provider of Web application security services. WhiteHat delivers turnkey solutions that enable companies to secure valuable customer data, comply with industry standards and maintain brand integrity. WhiteHat Sentinel, the company’s flagship service, provides continuous vulnerability assessment and management for web applications. For more information about WhiteHat Security, please visit our website, www.whitehatsec.com.

WhiteHat Sentinel Adds Web API

marketing@whitehatsec.com — 2006-09-12T21:43:50-07:00

[Download ]
WhiteHat Security Extends Service to Assess QA Applications and Provide Portal and SIM Integration
- WhiteHat Sentinel Adds Features Providing Greater Visibility and Manageability to Enterprise Web Application Vulnerability Data-

SANTA CLARA, CA.—September 12, 2006—WhiteHat Security, Inc., a leading provider of Web application security services, today announced the enhanced offerings of WhiteHat Sentinel, its industry-leading continuous vulnerability assessment and management service for websites. The two new additions, WhiteHat Satellite and the WhiteHat Web Services API, enable customers and partners to expand their visibility into web application vulnerabilities inside of corporate networks, and provide greater integration into the software development life cycle (SDLC).

“WhiteHat creates Web application security solutions that address today’s most critical security needs as more information is stored and accessible via the Web,” said Stephanie Fohn, WhiteHat Security, chief executive officer. “We recognize that customers and partners have different testing requirements and varied ways of managing their vulnerability data — WhiteHat provides the flexibility to work within their SDLC and security data management infrastructure.”

WhiteHat Satellite is an easy-to-install appliance that provides access and visibility to further assess and evaluate Web applications residing behind the firewall. This provides an additional level of assessment for customers during the QA process, adding a comprehensive security evaluation as part of the SDLC prior to deployment. WhiteHat Satellite provides an additional layer of security which extends WhiteHat Sentinel’s comprehensive vulnerability coverage to QA and Intranet applications.

The WhiteHat Web Services API gives customers and partners a choice in managing WhiteHat Sentinel vulnerability data. Now, customers can easily integrate WhiteHat data into any existing Security Information Management (SIM) systems or other internal portals. Partners, including resellers, MSPs and MSSPs, who may offer a variety of managed services, can include the results of WhiteHat Sentinel vulnerability assessments in their custom customer interfaces.

“As Web application vulnerabilities become increasingly critical to business, there is increased urgency to rapidly disseminate the data across the enterprise. Using the WhiteHat Web Services API our customers can integrate real time web application vulnerability data into existing SOA infrastructures,” said Bill Pennington, WhiteHat Security vice president of services.

The WhiteHat Sentinel Web Services API enables customers or partners to retrieve vulnerability data from a WhiteHat Sentinel account in XML format, containing all vulnerabilities in open and closed status. It is intuitive and as easy as generating a Web API key and issuing a request to a special URL associated to a specific WhiteHat Sentinel user account. WhiteHat Satellite is configured to use DHCP and does not require any manual configuration by the end user.

WhiteHat Satellite is currently available for $1,200 for an unlimited number of applications. Current WhiteHat Sentinel customers can access the WhiteHat Sentinel Web API free of charge. Contact the WhiteHat sales office at (408) 492-1817 for more information.

About WhiteHat Security, Inc.
Headquartered in Santa Clara, California, WhiteHat Security is a leading provider of web application security services. WhiteHat delivers turnkey solutions that enable companies to secure valuable customer data, comply with industry standards and maintain brand integrity. WhiteHat Sentinel, the company’s flagship service, provides continuous vulnerability assessment and management for web applications. For more information about WhiteHat Security, please visit our website, www.whitehatsec.com.

Hacking Intranets-BlackHat 2006

marketing@whitehatsec.com — 2006-07-17T10:26:46-07:00

[Download ]
WhiteHat Security Founder and CTO to Demonstrate New Attack at BlackHat 2006
Jeremiah Grossman to present Hacking Intranets from the Outside: JavaScript Malware Just Got a lot More Dangerous at Las Vegas Conference

SANTA CLARA, Calif. - July, 17 2006 - WhiteHat Security, a leading provider of web application security services, today announced that Jeremiah Grossman, the companys founder and CTO, was selected to present at BlackHat USA 2006 in Las Vegas. At this premier security industry event, Mr. Grossman will reveal how common web application vulnerabilities can be exploited to hijack internal networks.

In his presentation, Hacking Intranets from the Outside: JavaScript Malware Just Got a lot More Dangerous, Mr. Grossman will demonstrate how attackers propagate Javascript malware via cross-site scripting (XSS) and other web application flaws to control Web browsers and compromise intranet devices. The potentially devastating consequences of these attacks include port scanning internal networks, reconfiguring routers and firewalls, hacking payroll systems and blind web server fingerprinting. He will present on August 3, 2006 at 10:00 a.m.

BlackHat is a great opportunity to share the most cutting-edge information security discoveries, said Mr. Grossman. With the number of applicants and presentation quality increasing each year, its an honor to be selected among the worlds leading experts.

Mr. Grossman is a popular speaker at the BlackHat conferences in the US and Japan. He started a buzz last year with his demonstration of how cross-site scripting, the most common web application vulnerability, could be used to create a new breed of phishing attacks. Since then he has also published a comprehensive history of cross-site scripting worms and viruses as well as an introduction to web application security. In addition to his duties at WhiteHat, Mr. Grossman is a founder of the Web Application Security Consortium (www.webappsec.org), and a featured expert and frequent columnist on TechTargets SearchAppSecurity website. He is also a frequent speaker at ISSA, ISACA and other industry conferences.

###

About WhiteHat Security, Inc.
Headquartered in Santa Clara, California, WhiteHat Security is a leading provider of web application security services. WhiteHat delivers turnkey solutions that enable companies to secure valuable customer data, comply with industry standards and maintain brand integrity. WhiteHat Sentinel, the companys flagship service, provides continuous vulnerability assessment and management for web applications. For more information about WhiteHat Security, please visit our website, www.whitehatsec.com.

Media Contact: Dawn van Hoegaerden
Director of Marketing
dawn@whitehatsec.com
(408) 492-1817

WhiteHat Lands Additional Investment

marketing@whitehatsec.com — 2006-06-26T10:29:19-07:00

[Download ]
WhiteHat Security, Inc., a leading provider of web application security services, today announced that it has secured $3.5 million in a financing round led by Altos Ventures. Startup Capital Ventures and existing investors also participated in the round. WhiteHat will use the new investment to expand its sales and marketing efforts and continue refinement of its groundbreaking service for continuous web application vulnerability assessment and management. The current round is expected to fund the company to profitability.

WhiteHat Security is at the forefront of web application security market. WhiteHat Sentinel, the companys flagship service, is the first and only continuous vulnerability assessment and management service for websites. With WhiteHat Sentinel, organizations can be assured that they are armed with the information they need to prevent attacks on Web-based corporate and customer data.

WhiteHat represented a tremendous opportunity for Altos Ventures to invest in a true market leader, said Ho Nam, general partner at Altos Ventures. WhiteHats combination of technology innovation and customer acceptance make it a very attractive addition to our portfolio.

WhiteHat research, based on thousands of web application assessments, demonstrates that 80% of all websites have a serious vulnerability that can lead to data compromise, fraud and identity theft. Companies of all types, from financial services giants, Fortune 500 retailers and healthcare leaders turn to WhiteHat to protect their customers and their corporate brand.

WhiteHat has experienced tremendous growth as comprehensive web application security evolves into a must-have for all companies conducting business on the Internet, said Stephanie Fohn, president and chief executive officer of WhiteHat Security. With the strength of our new investment, well be able to reach more customers more quickly and continue to raise the bar for web application security solutions.

###

About WhiteHat Security, Inc.
Headquartered in Santa Clara, California, WhiteHat Security is a leading provider of web application security services. WhiteHat delivers turnkey solutions that enable companies to secure valuable customer data, comply with industry standards and maintain brand integrity. WhiteHat Sentinel, the companys flagship service, provides continuous vulnerability assessment and management for web applications. For more information about WhiteHat Security, please visit our website, www.whitehatsec.com.

Media Contact: Dawn van Hoegaerden
Director of Marketing
dawn@whitehatsec.com
(408) 492-1817

WhiteHat Approved as PCI Scanning Vendor

marketing@whitehatsec.com — 2006-05-16T15:47:06-07:00

[Download ]
WhiteHat Security Approved as a MasterCard
Site Data Protection Scanning Vendor

WhiteHat PCI solution meets existing payment industry standard to
deliver end-to-end vulnerability assessment at an affordable price

Santa Clara, CA, May 16, 2006 - WhiteHat Security, a leading provider of
web application security services, announced today that it has successfully
completed the MasterCard Site Data Protection (SDP) scanning vendor
testing process. As an SDP approved scanning vendor, WhiteHat is allowed
to help merchants evaluate the security of their Web sites, and achieve
compliance with the Payment Card Industry (PCI) Data Security Standard.

WhiteHat Security has achieved approved status by proving its ability to
detect, identify and report vulnerabilities common to flawed web site
architectures and configurations. These vulnerabilities, if not patched in
actual merchant Web sites, could potentially lead to an unauthorized
intrusion. By proactively identifying and providing the opportunity to remedy
such vulnerabilities, SDP-approved scanning solutions offer a means for
reducing risk of intrusion and data compromise.

“WhiteHat is pleased to join the SDP program and to offer merchants a cost-
effective, one-stop solution that meets PCI compliance standards,” said
Stephanie Fohn, WhiteHat chief executive officer. “The combination of
WhiteHat’s industry-leading web application assessment technology with
network vulnerability assessment provides merchants with comprehensive
vulnerability coverage.”

The SDP Scanning Vendor Approval Process is a core component of
MasterCard’s Site Data Protection ProgramTM, a comprehensive, proactive
and cost-effective program designed to help protect the online and physical
infrastructures of its customer financial institutions, merchants and other
payment processors holding MasterCard account information.

“The Site Data Protection Vendor Approval Process reflects our ongoing
commitment to helping our customers and merchants evaluate and improve
the security of their web sites and physical sites in a timely and affordable
manner. The end result we are striving for – improved overall channel
security – is a win-win for all parties involved,” said Stephen Orfei, senior
vice president and head of the MasterCard e-Commerce Center of Excellence.

WhiteHat Security Taps Seasoned Executives for Team

marketing@whitehatsec.com — 2006-02-14T08:57:03-08:00

[Download ]
Web Application Security Company Adds Vice-Presidents of Sales and Operations

SANTA CLARA, Calif. - February, 14 2006 - WhiteHat Security, Inc., a leading provider of web application security services, today announced the appointment of Jeff Gall as vice president of sales and Joe Kevin as vice president of operations. Both Mr. Gall and Mr. Kevin bring extensive security and business management experience to WhiteHat.

We are pleased to expand our senior management team to include executives like Jeff and Joe, said Stephanie Fohn, president and chief executive officer of WhiteHat Security. I am confident that under their stewardship we will continue to expand our customer base and extend our leadership position in the web application security market.

Mr. Gall has more than twenty years of experience in technology sales and sales management. He has extensive experience in venture capital-backed start-ups in emerging market segments, selling network infrastructure and security solutions to Global 2000 companies. Prior to WhiteHat, Mr. Gall held executive positions at Pilot Network Services, Netscout Systems and Digital Fountain. At WhiteHat, Mr. Gall will lead both direct and channel sales efforts.

Im excited to join WhiteHat at such a dynamic time in its history, said Mr. Gall. The dramatic increase in the volume of web application attacks, and the severity of the consequences, has created unprecedented demand for WhiteHats comprehensive solution for web application vulnerability assessment.

As vice president of operations, Mr. Kevin will oversee the delivery of WhiteHat Sentinel, the companys flagship service, as well as the companys IT and facilities infrastructure. Prior to WhiteHat, Mr. Kevin was the vice president of operations at SecurityFocus, a venture-funded start-up that was acquired by Symantec. In that capacity, he established the customer support organization, drove the infrastructure strategy and planning, and facilitated systems integration post-acquisition. Earlier in his career, Mr. Kevin held senior management positions at Equinix and Pilot Network Services.

WhiteHat is an innovator in the delivery of web application security services, said Mr. Kevin. I look forward to building our infrastructure and processes to serve as a foundation for growth.

###

About WhiteHat Security, Inc.
Headquartered in Santa Clara, California, WhiteHat Security is a leading provider of web application security services. WhiteHat delivers turnkey solutions that enable companies to secure valuable customer data, comply with industry standards and maintain brand integrity. WhiteHat Sentinel, the companys flagship service, provides continuous vulnerability assessment and management for web applications. For more information about WhiteHat Security, please visit our website, www.whitehatsec.com.

Media Contact: Dawn van Hoegaerden
Director of Marketing
dawn@whitehatsec.com
(408) 492-1817

WhiteHat Security Tackles Website Security Challenges Head-On

marketing@whitehatsec.com — 2005-05-09T09:02:34-07:00

[Download ]
SANTA CLARA, Calif.—May 9, 2005—WhiteHat Security, Inc., a leading provider of web application security services, today announced the availability of WhiteHat Sentinel 2.0, the evolution of its continuous vulnerability assessment and management service for websites. WhiteHat Sentinel addresses the key concerns of companies doing business online— how to provide timely, comprehensive, and accurate vulnerability information to mitigate risk and protect corporate and customer data.

WhiteHat Sentinel 2.0 delivers ongoing assessments of web application security and a current view of remediation status, giving companies the knowledge to defend their customers against phishing and other web application attacks. New trending and executive-level PDF reports, plus automated vulnerability management ease the compliance reporting process.

“Website security is an integral part of a comprehensive security strategy. One exploited vulnerability can significantly impact business profitability and customer confidence,” said Stephanie Fohn, WhiteHat chief executive officer. “With WhiteHat Sentinel 2.0, we have expanded the functionality of our turnkey service to meet the exacting requirements of today’s online businesses.”

WhiteHat Names Stephanie Fohn Chief Executive Officer

marketing@whitehatsec.com — 2005-04-26T14:31:13-07:00

[Download ]
SANTA CLARA, Calif. - April 26, 2005 - WhiteHat Security, Inc., the leading provider of web application security services, today announced the appointment of Stephanie Fohn to the position of president and chief executive officer. A security industry veteran, Ms. Fohn brings more than 20 years of technology operations, business development and marketing experience to WhiteHat.

"We are excited to bring an executive with Stephanie's broad base of entrepreneurial experience on board," said John Dean, chairman of the board of WhiteHat Security. "Her demonstrated success in driving the growth of security start-ups is just what we need to extend WhiteHat's leadership position in web application security."

Most recently, she was president and chief operating officer of SecurityFocus, a provider of enterprise security threat management systems. She led the company to a dominant industry position, resulting in its acquisition by Symantec in August 2002. "WhiteHat has built the only service that provides the continuous and comprehensive vulnerability assessment coverage that online businesses require," said Ms. Fohn. "I look forward to working with our world-class team and valued customers as we continue to innovate and grow the company."

Previously, Ms. Fohn served as vice president of marketing and business development for Tripwire, Inc., director of business development at Pilot Network Services, and director of distribution partnerships for Infoseek/Go Network. Ms. Fohn has also held various positions in venture capital and investment banking. She holds an M.S. degree in management from Massachusetts Institute of Technology and bachelor's degrees in business and psychology from University of Washington.

###

About WhiteHat Security, Inc.
Headquartered in Santa Clara, California, WhiteHat Security is the leading provider of web application security services. WhiteHat develops comprehensive, easy-to-use, cost-effective solutions that enable companies to secure valuable customer data, meet federal compliance standards and maintain customer confidence. WhiteHat Sentinel, the company's flagship service, provides continuous vulnerability assessment and management for web applications. For more information about WhiteHat Security, please visit our website, www.whitehatsec.com.

Media Contact: Dawn van Hoegaerden
Director of Marketing
dawn@whitehatsec.com
(408) 492-1817