Threat Research Center
Meet the WhiteHat Security Threat Research Center (TRC) – team of website security experts who act as a critical and integral component of the WhiteHat Sentinel family.
The TRC acts as an extension of your website security team – actively managing your risk posture so you can focus on technology and business goals.
Detection & Management
Unbeatable Vulnerability Detection
All vulnerabilities reported by the WhiteHat Sentinel service are identified by state-of-the-art vulnerability tests and verified by the expert security engineers of the TRC. The WhiteHat Sentinel vulnerability database combines knowledge of more than 26 million vulnerability patterns with proprietary algorithms to distinguish which vulnerabilities detected are real and exploitable. This one-of-a-kind solution virtually eliminates false positives, a bane for website security professionals.
The Ultimate in Expert Management
The WhiteHat Security Threat Research Center is comprised of the industry’s top website security engineers, who are assessing thousands of the world’s largest websites. The TRC ensures that any website risk management program is effective and efficient by providing ongoing vulnerability detection and verification that cannot be accomplished by scanners or consultants alone. In addition, combined with WhiteHat Sentinel, the TRC provides enterprises with continuous and current website security that consultants cannot feasibly provide on their own.
Business Logic Testing
WhiteHat Sentinel has a unique methodology for mapping out and testing custom business logic and application workflows, and validates account privileges across roles and between users. This type of configuration and testing is virtually impossible to automate and can only be achieved with context analysis by security engineers who can analyze custom websites. The TRC will configure Sentinel to map out the Web application, users, roles, and custom business workflow. The Threat Research Center will also help you prioritize your vulnerabilities based upon business goals and intentions.
Scanner Automation Configuration
& Active, Daily Management
Scanner Configuration and Ongoing Tuning
Configuring Web application scanners on an ongoing basis is a time consuming and expensive effort – it also requires extensive knowledge of scanner configuration techniques and the custom Web application workflow. Included with the Sentinel service, the TRC performs this work for you by monitoring, tuning, and customizing scans to assure production safe, consistent, and thorough coverage.
When using automated scanners, it is a challenge to ensure that they use the right user credentials to log in, maintain state, and test the entire application as thoroughly as a logged-in user. WhiteHat Sentinel maintains user credentials in one interface, and allows you to describe the user’s role, privilege expectations, specific login locations, and any special privileges that should be tested under that user account.
Complex Scanner Training (Forms, Ajax, Flash)
TRC engineers review all forms, Ajax/Web 2.0 requests, and RIA (rich Internet applications, e.g. Flash), to ensure that Sentinel can properly and safely test them. Additionally, the TRC trains Sentinel to find and test links generated by, or hidden behind, new website technologies that traditional scanners have a difficult time testing.
The TRC gives WhiteHat Sentinel users increased confidence in their website security efforts. With the TRC, Sentinel customers can be sure of the accuracy, efficacy and reliability of their website risk management program.
“The level of expertise that makes up the TRC is truly remarkable. Automated scanners or consultants cannot come close to replicating the kind of research, effort and value they bring to the table. Combined, the TRC has more than 50 years in training and specific experience in website security attack techniques. They also have first-hand experience with leading software development frameworks, design patterns, and implementation practices, as they relate to security. At the end of the day, the WhiteHat Security Threat Research Center lets customers sleep a little better at night knowing they have the best website risk management program possible.”
– Bill Pennington
Chief Strategy Officer,