Press Releases

WhiteHat Security Continues Application Security Market Leadership with Highest Customer Retention Rates to Date and Significant Company Growth

Success spurred by expanding client roster, key executive leadership appointments, and widespread adoption of its platform

SAN JOSE, Calif., Jan. 30, 2018 – Following Q4 2018, its biggest quarter in the company’s 17-year history, WhiteHat Security, the leading application security provider committed to securing digital business, today released a summary of its 2018 performance. WhiteHat continues to see significant market momentum for its cloud-based application security platform with sustained quarter-over-quarter new bookings growth and widespread adoption of its application security platform among its rapidly expanding client roster.

The company said that it exited 2018 with more than 35 percent growth in business, and the highest customer retention to date. Clients depend on WhiteHat to secure their applications throughout the software lifecycle with the WhiteHat Application Security Platform. In 2018, many of WhiteHat’s new and existing clients took steps to embrace DevSecOps by integrating WhiteHat’s static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) capabilities throughout their software lifecycle and achieved their goals of reducing risks due to application vulnerabilities, while keeping budgets in check and meeting their project schedules.

While WhiteHat’s 2018 product advancements focused largely on automation for the digital era, WhiteHat’s employee headcount expanded to address growing business and operational needs. Across North America and EMEA, 112 new hires included marketing veteran Matthew Hutchinson as vice president of Marketing, instrumental in amplifying WhiteHat’s recognition as an established, worldwide leader in DevSecOps and application security; Monier Jalal, vice president of Product Management, responsible for driving the strategy and the delivery of application security product suite; and  Joseph Feiman, chief strategy officer, who brought 18 years of experience as an analyst at Gartner, where he co-founded the application security market category and defined nearly all of the terms used in the space. Feiman is instrumental in identifying overarching business strategy and vision with CEO Craig Hinkley.

“The application security market saw an unfortunate increase in hackers’ attacks and exploited vulnerabilities this year, and WhiteHat is leading the effort to stem the tide of this alarming trend in the digital era,” said Hinkley. “We have prioritized our product innovations to use the intelligence that helps developers identify security vulnerabilities in applications at the code level, throughout the entire software lifecycle and in production. This approach not only addresses vulnerabilities that come from open source and microservices, but it decreases the overall risks to our customers’ businesses.”

Product Innovation Highlights

In September, WhiteHat introduced new artificial intelligence (AI) software into its WhiteHat Sentinel Dynamic, dynamic application security testing (DAST) solution, which draws from a data lake of 95 million identified vulnerabilities. The AI enhancements deliver the highest level of accuracy in the shortest timeframe, traditionally only achieved through fully automated testing with additional human verification. The software will dramatically decrease threat vector identification times and improve the efficiency of false positive identification.

To continue executing on WhiteHat’s nine-box DevSecOps strategy by providing three types of DAST, SAST, and SCA, the company just launched its Sentinel ‘Essentials’ product line. The line is comprised of Sentinel Source Essentials Edition and Sentinel SCA Essentials Edition to provide SAST and SCA respectively for the build phase of the software lifecycle.

Significant advancements were also made to WhiteHat’s Attack Vector Intelligence™ (AVI) technology, so it can automatically identify false SAST vulnerabilities without manual verification from the Service Delivery, thus reducing false positive rates. Additionally, a Jenkins plugin was updated with options to fail CI/CD builds if new vulnerabilities are found. This enables “release assurance” for DevOps customers. The total number of supported languages that can be scanned using WhiteHat Sentinel Source and WhiteHat SCA was increased to nine, including: Java, C#, PHP, Objective-C, JavaScript, HTML/5, XML, and now TypeScript and Python (Beta), popular programming languages used to develop large applications for the client- or server-side execution. Additionally, WhiteHat Sentinel Source and WhiteHat Sentinel SCA test around 100 other widely-used frameworks such as Android, Angular, ASP.Net, Apache Commons, BackboneJS, Drupal, Express, Hibernate, JSP,  JSF,  jQuery, React, SailsJS, Sonic, Spring, Spring Boot, Struts, Zend, etc.

DevSecOps is Critical to Securing the Enterprise

WhiteHat’s 13thannual application security report became a call to arms for DevOps teams because it identified security vulnerabilities and challenges introduced into the enterprise through traditional applications, agile development frameworks, microservices, application programming interfaces (APIs), and cloud architectures. Additionally, the report proved that digital transformation initiatives are creating more insecure apps than ever before and increasing overall business risk.

Education and Certification

2018 saw WhiteHat continue its commitment to the education and training of the wider security and developer community, especially when the industry is faced with skills shortages in these critical functions of the digital era. WhiteHat held a new “Crash Course” series of webinars with application security engineer, Kimberly Chung, who runs the WhiteHat Academy. The series complements the successful WhiteHat Certified Secure Developer (WCSD) program. Additionally, WhiteHat offered an on-demand version of the “Security Addendum to the Twelve Factor App” based on the Twelve Factor App, a methodology that developers can apply to build SaaS apps that are both scalable and maintainable in a DevOps world.

Thought Leadership and Awards

A series of industry awards were bestowed upon WhiteHat in 2018, including being named a leader in application security in the second annual Cyber Defense Global Awards program from Cyber Defense Magazine; recognized as
a winner in the 2018 Cybersecurity Breakthrough Awards, as well as the industry’s leading information security research and advisory guide, Info Security Products Guide’s 2018 Global Excellence Awards.

Partner Development

After introducing its innovative WhiteHat Partner Network last year, WhiteHat inked partnerships with Bugcrowd, the leading crowdsourced security platform, to broaden the WhiteHat Sentinel™ application security testing portfolio with crowdsourced, continuous vulnerability testing, and Coalfire, a provider of cybersecurity advisory and assessment services.

To learn more about WhiteHat Security’s product offerings, visit

About WhiteHat Security

WhiteHat Security has honed its 17 years of experience in the application security space to provide developers with the tools and services they need to write and deliver the most secure software at the speed of business. The award-winning WhiteHat Application Security Platform, which has been featured on the Gartner Magic Quadrant for Application Security Testing for the last five years, is empowering true DevSecOps by continuously assessing the risk for organizations’ software assets and helping them to embed security throughout–and beyond– the software life cycle (SLC). The company is based in San Jose, California, with regional offices across the U.S. and Europe. For more information on WhiteHat Security, please visit, and follow us on TwitterLinkedIn, and Facebook.