
How the WhiteHat Sentinel Service Works ::


WhiteHat Sentinel is a subscription-based service assuring complete website vulnerability management that is customer-controlled and expert-managed. Unlike traditional website scanning software or consultants, WhiteHat Sentinel is the only solution to combine proprietary scanning technology with custom testing by a team of leading security professionals. Below is an overview of how the Sentinel Service typically works.

1. The customer provides a list of URLs representing the websites to be tested by the WhiteHat Sentinel Service. This list is defined in the service contract, and future URL changes require a contract addendum.

2. The WhiteHat Security Operations Team begins configuring Sentinel to test the websites that correspond to the specified host names.

3. If user credentials are required to access the websites and self-signup is not available, a pair of user credentials for those specific websites will need to be supplied. If a website has multiple roles, a pair of users for each role in the website will be required (e.g., user, supervisor, administrator, etc.). The customer enters the user credentials.

  • The more users and roles provided, the more testing work is created for WhiteHat Sentinel. This increase will likely be at least linear, if not exponential.

4. The customer controls everything Sentinel does – start times, stop times, scheduling, retesting – all managed through the WhiteHat Sentinel Interface. Initially, the Security Operations Team will assist the customer in setting up time schedules and the authorization of the live testing. Once the times and dates are confirmed and credentials are provided, Security Operations does the rest. Vulnerabilities that are detected are rated on both severity and threat levels. This allows developers to best prioritize the remediation process.

  • The Sentinel Service is an iterative process by which we slowly and carefully discover the website, digging deeper into the business logic and making decisions about how to fill out and test forms (if it is safe to do so). Custom tests for all websites under Sentinel management are continuously created and integrated into the underlying technology by the Security Operations Team in order to aid in the automation of ongoing assessment processes.

5. The Sentinel Service begins once the scanning process is activated. But remember, the scanning process is just the first step in an in-depth cycle. WhiteHat Sentinel combines proprietary scanning technology with custom testing that is conducted by the Security Operations Team. The Operations Team also verifies the results of all scans, so customers see only real, actionable vulnerabilities. Here is the series of tasks that take place during this initial service:

  • Test user credentials (may need to add new users/roles to scan properly).

  • Train Sentinel on the business logic: how to locate forms, fill them out, and complete the workflow.

  • Describe “fuzzer” tests to iterate through integer values, then compare responses for different values.

  • Write custom tests based upon manual review of the business logic.

  • Request/response tuning for unique uses of rich media (e.g., Flash).

    Form workflow often occurs in layers. If it takes four forms to complete a transaction, Sentinel will find the first form, and then Security Operations will train Sentinel how to interact with that form. The next time Sentinel scans the website, it will take those actions on the form, and only then find the next form. It could take four scans to find and train a business workflow that requires four forms to complete a transaction.

6. After the initial “training and testing” of the website, the Security Operations Team is available to review the findings and explain how they relate/map to software development practices and which remediation strategies work best for the customer’s situation.

7. Once the review is complete, ongoing assessments of the website can be conducted at any time, or whenever the websites change. Websites can be monitored via the Sentinel Interface and tests can run “on demand” with the click of a button:

  • Automatic retest – After a vulnerability is detected, an automatic retest occurs almost instantly. (The only case in which an automatic retest will not work is when WhiteHat’s authentication credentials are no longer valid).

  • Manual retest requests – “Queues” a ticket for the WhiteHat Security Operations Team to review and possibly retest by hand. (Manual retest requests can take up to five business days to complete.)

  • Scanning is scheduled through the Sentinel Interface. Sentinel scans the websites “low and slow,” much more slowly than less mature technologies. Sentinel usually runs against large production websites and “low and slow” allows us to test without affecting website availability to users.

  • Scanning new code – As the WhiteHat Sentinel Service discovers new forms and new business logic it generates tickets internally for Security Operations to review.

  • Reporting – The customer defines which personnel in their organization should have web access to the Sentinel Interface, which is available on a 24x7 basis. Vulnerabilities are posted as they are discovered and verified. The web interface includes both high-level and detailed vulnerability reports and offers an API for cases where the customer would like to upload vulnerability data into other applications.

8. WhiteHat Sentinel can directly configure policies on a WAF to protect against vulnerability exploits.

WhiteHat Security Operations Support ::

Q & A: Questions related to the ongoing assessment process as well as specific vulnerabilities can be reviewed at any time via phone or email with the WhiteHat Operations Team during regular business hours, which are Monday through Friday.

Maintenance Windows: WhiteHat may periodically schedule a maintenance window of no more than five (5) hours per week for maintenance and upgrades to the Sentinel Service. The date and time of the maintenance window will be communicated to customers in advance.


Download this information in a PDF Format ::
PDF (928 KB): How Sentinel Works
