Technical Insight

Product Management Update: Associated Host Names, BLAs, a new Vulnerability

We are hard at work again improving our self-service options in the Sentinel portal, fueled by customer requests and improved usability.

AHN Update:

First of all, we have created the ability for customers to add their own Associated Host Names (AHNs) to a site. Previously handled by opening cases or calling support, this new feature allows customers to add up to ten AHNs per site as they set up a new scan, whether Basic, Standard, or Premium Edition. Sentinel administrators can add AHNs during onboarding, or after the site has been onboarded, from the Asset > Overview tab.

Once the AHN has been registered, WhiteHat TRC will verify that the added AHN is part of the same site. Sentinel users and admins are kept informed of WhiteHat's decision through the Status indicator visible next to each AHN. States include: Pending Verification, Verified, or Rejected. Rejection reasons include: Hostname is not related to the base Domain, Associated Hostname is inaccessible, or the ever-popular generic ‘Please contact [email protected] for information on why this AHN was rejected.’

Sentinel admins can delete AHNs with a status of “Rejected” or “Pending Verification”. Example:

As with most administration and questions, all AHN-related activity will be logged in the “Activity Log” as part of maintaining a site audit trail.

BLAs update:

Business Logic Assessments (BLAs) complement the Premium Edition dynamic scanning, providing the third-party web application penetration test required for many compliance items and best practices. Administrators can already schedule their own BLAs. WhiteHat recommends scheduling your BLA either immediately (especially for sites that are newly covered under a BLA license) or as best suits your business processes, to ensure that major changes to your site are reviewed promptly.

Again, this capability bypasses the need for emails and cases, and puts the power of deciding when to schedule the BLA right at our customers’ fingertips, along with the ability to review the newly redesigned BLA report.

For customers, there is more detailed information available in the document Understanding and Managing Business Logic Assessments in Salesforce. Once you have successfully scheduled your BLA, you will see a confirmation in the Assets tab here:

You also have a “BLA Usage Report” that is available in the “Reports” tab, in the “Sentinel Management Reports” section.

We hope these updates and new capabilities will give our customers greater control and transparency, both in adding AHNs through Sentinel and in scheduling BLAs appropriate to their websites.