WhiteHat Adds Deeper Artifical Intelligence Capabilities for Sentinel DAST Solution for DevSecOps

September 7, 2018 Off By Hoofer
Written by David Marshall

WhiteHat Security announced that new, artificial intelligence (AI) software is being added to WhiteHat Sentinel Dynamic, its dynamic application security testing (DAST) solution, which draws from a data lake of 95 million identified vulnerabilities.  The enhancements will enable WhiteHat to provide high levels of accuracy in the shortest timeframe, which can traditionally only be achieved through fully automated testing with additional human verification.  Though human verification is always available to WhiteHat clients, the company will now offer fully AI-enabled verification, taking just seconds.  This will allow developers to create secure web applications at the fast pace demanded by modern businesses. 

AppSec teams are constantly caught between the need for proper security testing and the ability to allow developer teams to meet strict deadlines. AI software will dramatically decrease threat vector identification times and improve the efficiency of false positive identification. As a result, businesses will increase the speed at which developers are made aware of potential application security vulnerabilities and deliver real-time security risk assessments.


"Our new AI-based digital security technology directly addresses the biggest current challenge for DevSecOps- getting new applications to market at the pace demanded by business while thoroughly assessing potential security risks," said WhiteHat Security CEO Craig Hinkley. "This is important given the growing pressure to get applications into production in real time. When time is of the essence, it’s easy for developers to skip key security risk assessment procedures, but due to the speed and accuracy delivered by our AI-based offering, they can hit their tight production deadlines and still carry out comprehensive application security vulnerability checks."

The new AI capabilities complement WhiteHat Sentinel Dynamic’s risk assessment and enhance its ability to continuously scan for vulnerabilities and potential code changes.  In addition, Sentinel Dynamic customers will continue to have access to WhiteHat’s Threat Research Center security experts.

"451’s recent study, Voice of the Enterprise AI & Machine Learning: Adoption, Drivers and Stakeholders, 1H 2018, reveals that security is the second most important reason for applying machine learning in enterprises, and enterprises see it as a key use case for the next 2-3 years," said Daniel Kennedy, research director, Voice of the Enterprise: Information Security with 451 Research. "By applying programmatic techniques to the application vulnerability verification process, WhiteHat has leveraged its years of experience in application vulnerability management to augment human verification, saving staff time, which is in extremely short supply in the security space."


About the Author

David Marshall is an industry recognized virtualization and cloud computing expert, a ten time recipient of the VMware vExpert distinction, and has been heavily involved in the industry for the past 20 years.  To help solve industry challenges, he co-founded and helped start several successful virtualization software companies such as ProTier, Surgient, Hyper9 and Vertiscale. He also spent a few years transforming desktop virtualization while at Virtual Bridges.

David is also a co-author of two very popular server virtualization books: "Advanced Server Virtualization: VMware and Microsoft Platforms in the Virtual Data Center" and "VMware ESX Essentials in the Virtual Data Center" and the Technical Editor on Wiley’s "Virtualization for Dummies" and "VMware VI3 for Dummies" books.  David also authored countless articles for a number of well known technical magazines, including: InfoWorld, Virtual-Strategy and TechTarget.  In 2004, he founded the oldest independent virtualization and cloud computing news site, VMblog.com, which he still operates today.

Follow David Marshall

Twitter: @vmblog
LinkedIn: https://www.linkedin.com/in/davidmarshall
Blog: http://vmblog.com