• Support   |   Contact a Representative   |   Contact WhiteHat

• Website Risk Management
  • Asset Identification
  • Vulnerability Management
  • Reporting/Communication
  • Protection
• Sentinel Services
  • Cost-effective Solution
  • Benefits
  • Core Features
  • Selection Guidelines
  • Sentinel Premium Edition
  • Sentinel Standard Edition
  • Sentinel Baseline Edition
  • Sentinel for QA
  • PCI Compliance
  • Integration – via XML API
  • Certification Program
  • How Sentinel Works
  • WAF Integration
• Support Plus
  • Gold Service Level
  • Silver Service Level
  • Standard Service Level
  • Service Levels
• Education Services
  • Guidelines
  • Intro to Web App Security
  • Secure Coding for Java
  • .NET
• Events & News
  • News Coverage
  • Press Releases
  • Interviews
  • Awards
• Resources
  • Whitepapers
  • Webinars & Presentations
  • Jeremiah Grossman Blog
  • Website Statistics Report
  • Website Security Glossary
• Partners
  • Strategic Partners
  • Partner Application Form
  • Partner Portal Login
• About WhiteHat
  • Leadership Team
  • Board of Directors
  • Careers
  • Contact Us
  • Support

• About WhiteHat
• Leadership Team
• Board of Directors
• Careers
• Contact Us
• Support

About WhiteHat Security

Headquartered in Santa Clara, California, WhiteHat Security is the leading provider of website risk management solutions that protect critical data, ensure compliance and narrow the window of risk. Founded in 2001 by Jeremiah Grossman, a former Yahoo! information security officer, WhiteHat serves hundreds of customers in e-commerce, financial services, information technology and healthcare including many of the Fortune 1000. WhiteHat Sentinel, the company’s flagship product family, was launched in 2003.

WhiteHat Sentinel is the most accurate, complete and cost-effective website vulnerability management solution available. It delivers the visibility, flexibility, and control that organizations need to prevent website attacks. Furthermore, WhiteHat Sentinel includes a free open XML API to enable integration with development tools, security information and event management systems and Web application firewalls, among others.

Website Risk Management

Websites have emerged as the number one attack target of choice.  Attacks have moved from the well-defended network layer to the more accessible Web application layer that people use everyday to shop, bank, manage their healthcare, pay insurance, book travel and apply to college. 

The ramifications for companies that do not adequately protect and secure their websites are clear:  Loss of data, malware infection, loss of consumer confidence and failure to meet regulatory requirements.  No company can afford the black mark of a website hack.  With many states mandating full disclosure and the payment card industry and the federal government close behind with their own efforts at establishing security standards, the luxury of hoping an attacker will target someone else’s websites has passed. 

Industry Leadership

With more than 1,500+ websites under management, WhiteHat Security has an unrivaled real-world perspective on the evolution of website risk management. From its quarterly Website Security Statistics report, to CTO Jeremiah Grossman’s popular blog, WhiteHat is a leader in identifying the critical issues in website security.  This perspective translates directly into the continuous advancement of WhiteHat Sentinel, enabling it to consistently address the most challenging issues facing Web environments.  Esteemed organizations such as Deloitte, SC Magazine, the San Jose/Silicon Valley Business Journal, Gartner and the American Business Awards have all recognized WhiteHat’s innovation, executive leadership and execution in the website security market.

WhiteHat Sentinel

Built on a SaaS (Software-as-a-Service) – or Cloud-based technology platform, the WhiteHat Sentinel family combines advanced proprietary scanning technology with expert website security analysis, to enable customers to identify, prioritize, manage and remediate vulnerabilities as they occur. 

Unique to WhiteHat Security, every vulnerability discovered by any WhiteHat Sentinel Service is verified for accuracy and prioritized, virtually eliminating false positives and radically simplifying remediation.  In addition, all WhiteHat Sentinel services satisfy, and exceed, PCI 6.6 requirements for Web application security. 

WhiteHat Security offers WhiteHat Sentinel Service at three service levels:

• Sentinel Premium Edition (PE) is ideal for Websites that are permanent, mission-critical, have rigorous compliance requirements and, in which, the company relies on serving its customers or business partners and has multi-step form-based processes.

• Sentinel Standard Edition (SE) is designed for websites that are a permanent fixture in a customer’s online experience, but is not necessarily mission-critical and which has multi-step form-based processes.

• Sentinel Baseline Edition (BE) is an automated solution for Websites that are seasonal or temporary in nature, due to a company’s time-sensitive marketing campaign, it has limited or relatively shallow use of forms and has limited or no customer or user log-ins.

WhiteHat Sentinel Reporting/Communication via Open XML Web API

WhiteHat Sentinel integrates with industry leading bug tracking, security information and event management (SIEM) and Web application firewall (WAF) products, allowing website security data to be shared and practically employed within an organization. For the first time, website security can be integrated into an organization’s operations, delivering new levels of visibility and control to different business stakeholders, including risk management and compliance, product management and software development teams.

Organizations have greater insight into their risk posture and can take corrective action, while communicating that action across the different security tools in their infrastructure. 

Website Protection

The Protection phase recognizes three different ways to manage website vulnerabilities:  developer-driven remediation, improved security education and training, virtual patching via WAFs.

By providing developers with accurate and actionable website vulnerability reports and education, developers become more willing teammates in the website risk management challenge. WhiteHat Education Services provides the up-to-date knowledge and skills required to understand and deliver meaningful security measures. 

Integration of WAFs (from Breach Security, F5 Networks, and Imperva) with WhiteHat Sentinel detects and defends website vulnerabilities much more efficiently, and resolves the disconnect between compliance intentions and actual security. With virtual patching, the entire industry is brought to a new level of website protection, with extreme accuracy and efficiency – delivering rapid identification and immediate repair of vulnerabilities.