For more than 20 years, the WhiteHat brand name has been synonymous with application security innovation. Today, we’re unveiling what is perhaps the most significant innovation in dynamic application security testing (DAST) in years: Vantage Prevent, a patented and revolutionary solution that enables enterprises to conduct DAST at each phase of the development cycle.
Purpose-built for the needs of modern development, Vantage Prevent leverages developers’ functional and quality assurance tests to identify exploitable security risks in their web applications and APIs. Vantage Prevent also allows DevOps engineers to automate security testing in CI/CD pipelines within their native environment, while security teams can assess vulnerabilities reported within minutes of discovery before they are deployed into production.
Vantage Prevent is the second solution in The WhiteHat Vantage Platform portfolio, which is built on top of a cloud-based SaaS architecture and features a robust public API that seamlessly integrates with teams’ existing tools to streamline workflows.
What makes Vantage Prevent revolutionary? Let’s dive in.
Features Designed to Reignite DevSecOps
Security professionals have commonly pointed to a fundamental disconnect between their function and developers/DevOps teams as the longstanding roadblock impeding their organization from implementing DevSecOps. However, the problem is rooted in existing technology. Vantage Prevent’s patented technology is poised to reignite DevSecOps in modern development and bring a united approach to application security through key features and functionalities that include:
Accelerating DAST to the Speed of Modern Development
Traditional DAST technology is typecast as a painfully slow security test, which is likely why it typically takes place in production by security teams, rather than in pre-production by developers and DevOps teams.
For too many years, these factors prevented the ability to shift DAST left in the SDLC. With Vantage Prevent, we aim to not only solve these problems, but do so in a way that’s so fast and easy that developers welcome the technology as part of their workflow.
First, to successfully bring DAST into development, we knew the solution must be fast. It must also produce immediate, accurate and easily consumable security results in seconds and minutes, not hours and days.
Vantage Prevent eliminates the time needed to crawl an application by leveraging functional tests, which most development organizations already create as part of their development process, to direct its security tests. Additionally, Vantage Prevent collapses the scan configuration paradigm by automatically and intelligently handling session state, eliminating the need to configure and manage credentials or scan templates — which drastically reduces the time it takes to complete a scan.
Developers can install Vantage Prevent and complete their first scan in 3-5 minutes. Basically, just give Vantage Prevent a functional test and point it to your running application and you’ll have immediate security results.
Bringing Next-Gen DAST to Developers — No Security Experience Required
The other problem with traditional DAST tools is that they’ve essentially designed to be used by security professions — not developers — which makes configuring a scan and understanding the results difficult for any team to the left of pre-production.
After completing a scan, Vantage Prevent provides all the details needed to recreate the vulnerability, including evidence of found exploits via screenshots of code. Much like a functional bug, developers are far more effective at resolving a vulnerability if it can be recreated, patched and then re-tested to see if their fix worked.
This is a big part of how Vantage Prevent changes the game: the tool is dead-simple for developers to use since it leverages their existing functional tests to guide a lightning-fast DAST scan. If the code within a functional test contains a security vulnerability, Vantage Prevent tees up remediation guidance that actually makes sense from the perspective of a developer and allows them to correct it before moving on to their next project, when the code is no longer fresh in their minds. By the time the developers’ code is committed to the CI/CD pipeline, developers can prove that their code not only works, but it will also be secure once deployed into production.
By enabling developers to run Vantage Prevent in their local environment, they can catch and fix vulnerabilities before they reach production and become exploitable. Not only will this help developers produce more secure code from the start, but it also aids security teams with their most important metric — the volume of vulnerabilities found in production.