PCI Compliance

Regardless of industry or size, all companies face the seemingly overwhelming task of protecting their websites and meeting various compliance requirements. Both internal and public-facing websites are covered under different sections of the Payment Card Industry Data Security Standard (PCI DSS), and as new sections appear, companies need to ensure that their current website risk management program helps them meet the necessary requirements.

WhiteHat Sentinel allows organizations to conduct the most complete vulnerability assessments – as often as they’d like or every time a website is changed – ensuring that all existing and new vulnerabilities are identified and assessed. WhiteHat Sentinel combines highly advanced scanning technology with expert website security analysis, allowing customers to quickly and easily identify, prioritize and remediate website vulnerabilities. WhiteHat’s patented methodology exceeds the strictest industry standards as established by the PCI Security Standards Council, founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

The WhiteHat Sentinel product family is composed of Software-as-a-Service (SaaS) website security solutions that deliver the visibility, flexibility, and manageability that organizations need to take control of website security and prevent Web attacks. WhiteHat Sentinel was built from the ground up to assess the largest and most complex websites in the world on an ongoing basis, and today executes rigorous and ongoing security testing on thousands of the world’s leading websites, including many Fortune 500 companies.

Satisfying the Auditors

No matter how well or how often you assess your websites, new vulnerabilities will be found. This makes satisfying your auditor’s quarterly PCI 6.6 requirements a “can’t win” situation. Current scanning options will generate a large volume of vulnerabilities, leading to a mad rush by developers to try and fix them in time. Added to that mix is the burden of filtering through the terrific volume of false positives generated. This can lead to application security paralysis. So, what do you do?

By integrating WhiteHat Sentinel with Web application firewalls (WAFs), virtual patching becomes the logical choice. WhiteHat Sentinel enables Web application vulnerability assessments on demand, or typically on a weekly basis. WAF policies are then updated with WhiteHat Sentinel’s precise vulnerability rules, allowing the WAF to create laser-focused virtual patches. With a virtual patch in place, developers regain the time they need to fix the problem, and the security team has the report to pass auditor inspections.

Exceeding PCI 6.6 Requirements

The WhiteHat Sentinel Service exceeds PCI requirements by offering customers unlimited scanning during its annual subscription period. WhiteHat Sentinel PE and SE exceed requirements 6.3.7b, 6.5 and 6.6 of the PCI DSS by providing ongoing, verified vulnerability assessments for both internal and public websites. Sentinel PE satisfies requirement 11.3.2 which mandates application-layer penetration testing. In addition, Sentinel maps to PCI vulnerability severity levels for simplified customer reporting.

Satisfy the requirements of PCI DSS Section 6.6 with a WAF

Implementation of the joint WhiteHat Sentinel / WAF solution exceeds the recommendations of Section 6.6 by providing application scanning and code review by an application security specialist and installing a WAF in front of Web-facing applications.



WhiteHat's PCI Bundle allows customers to have a single source for comprehensive, cost-effective PCI application security compliance.

 

 

2010 © Copyright  |  WhiteHat Security  |  3003 Bunker Hill Lane, Santa Clara, CA 95054  |  408.343.8300  |  Contact the Webmaster