• Home
• Services
  • Features
  • Benefits
  • Selection Guidelines
  • Demonstration
  • How Sentinel Works
  • Sentinel for QA
  • WhiteHat Sentinel
• Partners
  • Benefits
  • Partners
• Resources
  • Events & Webinars
  • Grossman Blog
  • News
  • Newsletters
  • Presentations & Videos
  • Stats Report
  • Trade Media
  • Whitepapers
• About Us
  • Management
  • Board
  • Careers
  • Contact us

WhiteHat Sentinel – How it All Works

WhiteHat Sentinel is a subscription-based service assuring complete website vulnerability management that is customer-controlled and expert-managed. Unlike traditional website scanning software or consultants, WhiteHat Sentinel is the only solution to combine proprietary scanning technology with custom testing by a team of leading security professionals. Below is an overview of how the Sentinel Service typically works.

1. The Customer provides a list of URLs representing websites to be tested by the WhiteHat Sentinel Service. This is defined in the service contract, and future URL changes require contract addendum.

2. The WhiteHat Security Operations Team begins configuring Sentinel to monitor and test the websites residing at the specified URLs.

If the websites use Internet Explorer proprietary JavaScript or ActiveX controls, custom coding may be required on WhiteHat’s part to scan the websites.

3. If user credentials are required to access the websites, and WhiteHat Security Operations cannot self-signup, a pair of user credentials for those specific websites will need to be supplied. If a website has multiple roles, a pair of users for each role in the website will be required (e.g., user, supervisor, administrator, etc.).

The more users and roles provided, the more testing work is created for WhiteHat Sentinel. This increase will likely be at least linear, if not exponential. If it takes 24 hours to test a website with one pair of users, adding four pairs of users will increase this to a minimum of 96 hours, plus additional Operations Team time to consolidate duplicate findings.

4. The customer controls everything Sentinel does – start times, stop times, scheduling, retesting – all managed through the WhiteHat Sentinel Interface. Initially, the Security Operations Team will assist the customer in setting up time schedules and the authorization of the live testing. Once the times and dates are confirmed and credentials are provided, Security Operations does the rest. Vulnerabilities that are detected are rated on both severity and threat levels. This allows developers to best prioritize the remediation process.

The WhiteHat Sentinel Service is not a “scanner.” WhiteHat Sentinel looks for
undiscovered and unknown website vulnerabilities within distinctive and unique Web applications; network vulnerability scanners look for known vulnerabilities within known code. This is an easier process: identifying a software version number and searching a database of known vulnerabilities for relevant issues. Website vulnerability management does not have the luxury of version numbers or an available, Web application vulnerability database; this makes website security significantly more complex.

As a result, website scanning is an iterative process by which WhiteHat Sentinel slowly and carefully discovers the website by digging deeper into the business logic, and making decisions about how to fill out and test forms (if it is safe to do so), and any custom tests that the Security Operations Team needs to write.

5. The Sentinel Service begins once the scanning process is activated. But remember, the scanning process is just the first step in an in-depth cycle. WhiteHat Sentinel combines proprietary scanning technology with custom testing that is conducted by the Security Operations Team. Also, the Operations Team verifies the results of all scans – customers see only real, actionable vulnerabilities. Here are the series of tasks that go on during this initial service:

• Test user credentials (may need to add new users/roles to scan properly).
• Train WhiteHat Sentinel on the business logic and how to understand forms and fill them out, and how to complete the workflow.
• Describe “fuzzer” tests to iterate through integer values, then compare responses for different values.
• Write custom tests unique to the website, based upon manual review of the business logic.
• Request/response tuning for unique uses of rich media (e.g., Flash).

Form workflow often occurs in layers. If it takes four forms to complete a transaction, Sentinel will find the first form, and then Security Operations will train Sentinel how to interact with that form. The next time Sentinel scans the website, it will take those actions on the form, and only then find the next form. It could take four scans to find and train a set of business workflow that took four forms to complete a transaction.

A “scan” may take five hours. Fully testing the website could take five weeks. Example: if restricted scanning windows are defined – say, only on Sundays – and it takes four scans after the first scan to discover and learn how to fill out all the forms and business logic, train our scanner, write custom tests, etc., and WhiteHat Sentinel only runs those iterative scans on Sunday, then it will be five weeks from start of service until the website is “fully” tested.

6. After the initial “training and testing” of the website, the Security Operations Team schedules a review to go over the findings and explain how they relate/map to software development practices and what remediation strategies work best for the customer’s situation.
The WhiteHat Security Operations Team is focused entirely on tackling Web security issues. They are well versed in explaining the security implications of the software defects and how to fix them quickly, completely, and verifiably.

7. Once the review is complete, ongoing assessments of the website can be conducted at anytime, or anytime the websites change. Websites can be monitored via the Sentinel Interface and tests can run “on demand” with the click of a button:

• Automatic retest – After a vulnerability is detected, an automatic retest occurs almost instantly. (The only case in which an automatic retest will not work is when WhiteHat’s authentication credentials are no longer valid).
• Manual retest requests – “Queues” a ticket for the WhiteHat Security Operations Team to review and possibly retest by hand. (Manual retest requests can take up to five business days to complete.)
• Scanning is scheduled through the Sentinel Interface. Sentinel scans the websites “low and slow,” much more slowly than less mature technologies. Sentinel usually runs against large production websites and “low and slow” allows us to test without affecting website availability to users.
• Scanning new code – As the WhiteHat Sentinel Service discovers new forms and new business logic it generates tickets internally for Security Operations to review.

Download the "WhiteHat Sentinel - How it All Works" data sheet (PDF 164 KB).

Home
Services
   Benefits   
   Features
   Selection Guidelines
   Demonstration
:: How Sentinel Works
   Sentinel for QA
   WhiteHat Sentinel
Partners
Resources
About Us

 

 

 

Download the "WhiteHat Sentinel - How it All Works" data sheet (PDF format 164 KB).