WhiteHat Sentinel – Premium Edition

WhiteHat Sentinel Premium Edition (PE) is ideal for websites that are permanent, mission-critical, have rigorous compliance requirements, on which the company relies to serve its customers or business partners, and that contain multi-step form-based processes.

PE includes testing for both technical and business logic vulnerabilities; custom testing is performed by WhiteHat Security to manually identify business logic flaws. PE comes standard with verified vulnerability reporting. Uncovering these types of vulnerabilities requires manual review by website security experts who understand things like account structures and the contextual logic of Web applications.

Business Logic Testing

WhiteHat Sentinel Premium Edition is unique in mapping out and testing custom business logic and application workflows, paying particular attention to the privileges of different roles and users. This type of testing is virtually impossible to automate without human context and an understanding of your unique application.

WhiteHat Security will map out your application, its users, roles, and custom business workflow. WhiteHat Sentinel can then properly test your application for expected business behavior and understand the context of the results. Examples of application behavior that would be unexpected and unwanted by the business include:

  • Can a guest user access administrative functionality, like ‘create new admin’?
  • Can Rob view Sally's checking account, or use her coupon codes?
  • Can a customer modify the cost of an item during checkout?

WhiteHat Security will work with you to ensure that the business logic vulnerabilities WhiteHat Sentinel identifies are real, and that you understand the intent and risk associated with each of them.
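The three unwanted behaviors listed above share one root cause: the server trusts an identifier or value supplied by the client instead of deciding from its own state. The following added example (not WhiteHat's code, and not part of the original datasheet) models each behavior in a toy Python checkout and account-view service. The catalog, accounts, coupons and role table are constructed in-memory sample data; each handler is shown in a vulnerable form beside a hardened form that looks up prices server-side, checks account and coupon ownership against the authenticated user, and gates administrative actions on the caller's role.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# Constructed sample data standing in for a real database (assumption of this example).
CATALOG: Dict[str, int] = {"sku-100": 1999}               # unit price in cents
ACCOUNTS: Dict[str, dict] = {
    "acct-1": {"owner": "rob", "balance": 1250},
    "acct-2": {"owner": "sally", "balance": 4200},
}
COUPONS: Dict[str, str] = {"SAVE5": "sally"}               # coupon code -> user it was issued to
ROLES: Dict[str, str] = {"rob": "customer", "sally": "customer", "alice": "admin"}
COUPON_VALUE = 500                                         # cents


class AuthorizationError(Exception):
    """Raised when a request is well-formed but not permitted for its user."""


@dataclass
class Request:
    user: Optional[str]                                    # None models an unauthenticated guest
    params: Dict[str, str] = field(default_factory=dict)   # client-supplied form fields


def role_of(user: Optional[str]) -> str:
    return "guest" if user is None else ROLES.get(user, "guest")


# ---- Vulnerable handlers: they trust identifiers and values sent by the client ----

def checkout_vulnerable(req: Request) -> int:
    # The unit price is read from the request, so the customer sets their own cost.
    return int(req.params["price"]) * int(req.params["qty"])


def view_account_vulnerable(req: Request) -> int:
    # Any account id is served; nothing ties the account to the requesting user.
    return ACCOUNTS[req.params["account_id"]]["balance"]


def create_admin_vulnerable(req: Request) -> bool:
    # No role check: a guest can create an administrator.
    ROLES[req.params["new_admin"]] = "admin"
    return True


# ---- Hardened handlers: every trust decision is made from server-side state ----

def checkout_hardened(req: Request) -> int:
    qty = int(req.params["qty"])
    if qty < 1:
        raise ValueError("quantity must be positive")
    total = CATALOG[req.params["sku"]] * qty               # price looked up, never read from the client
    coupon = req.params.get("coupon")
    if coupon is not None:
        if COUPONS.get(coupon) != req.user:                # coupon must belong to the requester
            raise AuthorizationError("coupon not issued to this user")
        total -= COUPON_VALUE
    return max(total, 0)


def view_account_hardened(req: Request) -> int:
    account = ACCOUNTS.get(req.params["account_id"])
    # Ownership check; missing and foreign accounts get the same response.
    if account is None or account["owner"] != req.user:
        raise AuthorizationError("account not accessible to this user")
    return account["balance"]


def create_admin_hardened(req: Request) -> bool:
    if role_of(req.user) != "admin":
        raise AuthorizationError("only administrators may create administrators")
    ROLES[req.params["new_admin"]] = "admin"
    return True


def denied(handler: Callable[[Request], object], req: Request) -> bool:
    """True when the handler refuses the request with AuthorizationError."""
    try:
        handler(req)
    except AuthorizationError:
        return True
    return False


if __name__ == "__main__":
    rob_peeks = Request("rob", {"account_id": "acct-2"})
    print("vulnerable view returns Sally's balance:", view_account_vulnerable(rob_peeks))
    print("hardened view denied:", denied(view_account_hardened, rob_peeks))
    cheap = Request("rob", {"sku": "sku-100", "qty": "1", "price": "1"})
    print("vulnerable total:", checkout_vulnerable(cheap), "hardened total:", checkout_hardened(cheap))
```

The hardened handlers are what a manual business-logic review checks for: the price and discount come only from the catalog and coupon tables, an account is returned only to its owner, and a privileged function is gated on the role the server holds for the session rather than on anything the client sends. A scanner can confirm that the endpoints exist; deciding that Rob should not see acct-2 requires knowing who Rob and Sally are, which is the human context the datasheet describes.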

Sentinel PE Assesses for the Following Classes of Attacks

Technical Vulnerabilities

Command Execution
– Buffer Overflow
– Format String Attack
– LDAP Injection
– OS Commanding
– SQL Injection
– SSI Injection
– XPath Injection

Information Disclosure
– Directory Indexing
– Information Leakage
– Path Traversal
– Predictable Resource Location

Client-Side
– Content Spoofing
– Cross-site Scripting (XSS)
– HTTP Response Splitting

Business Logic Flaws

Authentication
– Brute Force
– Insufficient Authentication
– Weak Password Recovery Validation
– Cross-Site Request Forgery

Authorization
– Credential/Session Prediction
– Insufficient Authorization
– Insufficient Session Expiration
– Session Fixation

Logical Attacks
– Abuse of Functionality
– Denial of Service
– Insufficient Anti-automation
– Insufficient Process Validation

“The ability to leverage software vulnerability information from WhiteHat Sentinel integrated with Archer enables DTCC to recognize the economic benefit of the completion of remediation tasks with assigned accountability. WhiteHat Sentinel provides excellent software vulnerability information by levels of risk that is aligned with an accountability model within Archer to manage risk and track key performance indicators to measure the health of the vulnerability management process.”

Jim Routh, CISO
Depository Trust & Clearing Corporation

2010 © Copyright  |  WhiteHat Security  |  3003 Bunker Hill Lane, Santa Clara, CA 95054  |  408.343.8300