• Support   |   Contact a Representative   |   Contact WhiteHat

• Website Risk Management
  • Asset Identification
  • Vulnerability Management
  • Reporting/Communication
  • Protection
• Sentinel Services
  • Cost-effective Solution
  • Benefits
  • Core Features
  • Selection Guidelines
  • Sentinel Premium Edition
  • Sentinel Standard Edition
  • Sentinel Baseline Edition
  • Sentinel for QA
  • PCI Compliance
  • Integration – via XML API
  • Certification Program
  • How Sentinel Works
  • WAF Integration
• Support Plus
  • Gold Service Level
  • Silver Service Level
  • Standard Service Level
  • Service Levels
• Education Services
  • Guidelines
  • Intro to Web App Security
  • Secure Coding for Java
  • .NET
• Events & News
  • News Coverage
  • Press Releases
  • Interviews
  • Awards
• Resources
  • Whitepapers
  • Webinars & Presentations
  • Jeremiah Grossman Blog
  • Website Statistics Report
  • Website Security Glossary
• Partners
  • Strategic Partners
  • Partner Application Form
  • Partner Portal Login
• About WhiteHat Security
  • Leadership Team
  • Board of Directors
  • Careers
  • Contact Us
  • Support

• Events & News
• News Coverage
• Press Releases
• Interviews
• Awards

Press Releases :: 2008 Announcements

WhiteHat Security Surpasses Recently Announced PCI DSS Requirement 6.6 Compliance Directives

WhiteHat Sentinel Service Ensures All Web-facing Applications Are Continuously Protected Against Attacks and Provides Compliance Validation

SANTA CLARA, Calif.—April 23, 2008 — WhiteHat Security, a leading provider of website security services, today announced WhiteHat Sentinel Service exceeds the Payment Card Industry (PCI) Security Standards Council (SSC) Data Security Standard (DSS) Requirement 6.6, which was clarified, posted and made publicly available on Tuesday, April 22, 2008.  WhiteHat Sentinel’s combination of advanced scanning technology with custom testing by the WhiteHat Security Operations Team ensures complete, verified website vulnerability management in compliance with PCI Requirement 6.6 as well as built-in, simple reporting capabilities for compliance validation.

PCI DSS Requirement 6.6 was designed to ensure the security of Merchant and Service Provider websites and specifies measures that must be taken to find and fix Web application flaws to prevent exploitation of common vulnerabilities.  Organizations with public-facing websites have until June 30, 2008 to meet PCI 6.6 compliance requirements.

Specific guidance clarifications for two options available to ensure PCI 6.6 requirements are now posted on the PCI SSC website.  As stated in the information supplement for PCI Requirement 6.6 Option 1, when properly implemented, the following alternatives, among others, provide adequate protection against common Web application threats:

• manual Web application security vulnerability assessment, and;
• proper use of automated Web application security vulnerability assessment tools.

PCI Requirement 6.6 documentation also states that all manual reviews and assessments must be conducted by a knowledgeable, well-equipped resource, whether internal or external to an organization.

The WhiteHat Sentinel Service exceeds PCI requirements by offering customers unlimited assessments by application security experts during their annual subscription period, with the ability to:

• detect vulnerabilities in Web-facing application code;
• prioritize, manage and remediate vulnerabilities; and,
• validate and document that vulnerabilities have been corrected.

In addition, Sentinel maps to PCI vulnerability severity levels for simplified customer reporting.

WhiteHat Sentinel can also assist customers beyond PCI Requirement 6.6 Option 1 with its ability to easily integrate with a Web Application Firewall (WAF) as is suggested in PCI Requirement 6.6 Option 2.  Implementation of the integrated WhiteHat Sentinel / F5 Application Security Manager WAF solution exceeds the recommendations of Section 6.6 by providing application scanning and code review by an application security specialist and installing a WAF in front of Web-facing applications for total website security.

WhiteHat Sentinel is currently available in two service levels, Standard Edition (SE) and Premium Edition (PE), for an annual subscription fee with tiered pricing based on the number of Web applications.  Contact the WhiteHat sales office at (408) 343-8300 for more information.

About WhiteHat Security, Inc.
Headquartered in Santa Clara, California, WhiteHat Security is a leading provider of website security services. WhiteHat delivers turnkey solutions that enable companies to secure valuable customer data, comply with industry standards and maintain brand integrity. WhiteHat Sentinel, the company’s flagship service, is the only solution that incorporates expert analysis and industry-leading technology to provide unparalleled coverage to protect critical data from attacks. For more information about WhiteHat Security, please visit our website.

All product and company names are trademarks of their respective companies.

Contact:
Dawn van Hoegaerden 
WhiteHat Security
408.343.8314

Rachel Miller
SHIFT Communications 
617-681-1256

###