SAN JOSE, Calif., March 19, 2019 — WhiteHat Security, the leading application security provider committed to securing digital business, today announced that both WhiteHat Sentinel Source Standard and Essential Editions received the highest OWASP Benchmark for Security Automation accuracy ratings of all static application security testing (SAST) solutions compared publicly. This accomplishment supports WhiteHat Security’s mission to help businesses build the most secure applications by providing the deepest coverage, faster speeds, and the highest accuracy available on the market.
The OWASP Benchmark is a free and open testing suite that evaluates how automated software vulnerability detection tools stack up in those three categories. It is considered neutral, well-respected and a true indicator of accuracy when comparing solutions. It calculates an overall score for a tool based on both true positive rate and false positive rate.
According to the most recent SAST evaluations, Sentinel Source Standard Edition (SE), WhiteHat Security’s full SAST offering that covers the deployment phase of the software life cycle (SLC), scored 77 percent, and Sentinel Source Essentials Edition (EE), which provides SAST for the DevOps build/test phase, received a 42 percent accuracy rating. For reference, the commercial average totaled just 26 percent.
The Sentinel Source SE solution scans applications’ entire source code, identifies vulnerabilities and provides detailed descriptions and remediation advice, as well as precise, ready-to-implement remediation solutions for certain vulnerabilities. The SE also comes with Threat Research Center-verified findings focused on high coverage and accuracy and delivered within 24 hours.
Sentinel Source EE’s findings are comprehensive and highly accurate due to the use of WhiteHat Security’s Attack Vector Intelligence (AVI) technology, which is a combination of human and machine intelligence. WhiteHat Security has the largest database of verified security vulnerabilities, which helps its AVI technology improve its accuracy. Discovered vulnerabilities are prioritized according to their severity, providing guidance on what should be remediated first.
“Having our experienced and efficient Threat Research Center engineers thoroughly vet vulnerabilities often saves organizations time compared to providing raw results fast that contain false positives,” said Monier Jalal, WhiteHat Security’s vice president of Products. “However, with the release of Sentinel Source EE, WhiteHat Security is the only vendor that offers customers the choice of full-service verification, or the ‘do it yourself’ approach. Adversaries are targeting vulnerable applications at an alarming rate, and the OWASP Benchmark accuracy ratings further show how WhiteHat Security is leading the effort to stem the tide of this alarming trend in the digital era.”
For more details, visit the WhiteHat Security blog: https://www.whitehatsec.com/blog/benchmarking-accuracy-automated-appsec-testing/.
About WhiteHat Security
WhiteHat Security has honed its 18 years of experience in the application security space to provide developers with the tools and services they need to write and deliver the most secure software at the speed of business. The award-winning WhiteHat Application Security Platform, which has been featured on the Gartner Magic Quadrant for Application Security Testing for the last five years, is empowering true DevSecOps by continuously assessing the risk for organizations’ software assets and helping them to embed security throughout – and beyond – the software life cycle (SLC). The company is based in San Jose, California, with regional offices across the U.S. and Europe. For more information on WhiteHat Security, please visit www.whitehatsec.com, and follow us on Twitter, LinkedIn and Facebook.