WhiteHat Security

WhiteHat Security has been in the business of securing web applications for 17 years. Combining advanced technology with the expertise of its global Threat Research Center (TRC) team, WhiteHat delivers application security solutions that reduce risk, reduce cost and accelerate the deployment of secure applications and web sites. The company's flagship product, WhiteHat Sentinel, is a software-as-a-service platform providing dynamic application security testing (DAST), static application security testing (SAST), and mobile application security assessments. The company is headquartered in San Jose, Calif., with regional offices across the U.S. and Europe.

Latest Content From WhiteHat Security

Whitepaper: IDC SpotLight: Protecting Against Threats with Application Security Testing

by WhiteHat Security, Jul 03, 2019

Application security testing will play a major role in the next generation of security architecture. This IDC Technology Spotlight looks at the role of WhiteHat Security in the marketplace for application security testing solutions.

Whitepaper: Know your Risk to Make Strategically Smart Decisions on Application Security

by WhiteHat Security, Jul 03, 2019

Web application security has become a critical issue for organizations of all sizes, and yet security organizations today are often understaffed for the job they're assigned to do. That's partly because there has been an explosion of web applications. In the past, an organization might need to scan its top five enterprise applications for vulnerabilities. Now organizations need to understand risk profiles for dozens, hundreds, or thousands of applications in production.

With the increase in the number of applications, a tremendous number of vulnerabilities are going unmitigated or unremediated, simply because there are more vulnerabilities than any organization has the time or staff to fix. And while the number of applications to manage has grown, the size of the security staff has not.

This paper describes such a risk-based approach, which can lead to better strategic decisions and enhance the ability of security organizations to succeed in their mission of securing web applications.

Whitepaper: Definitive Guide to Securing DevOps

by WhiteHat Security, Apr 26, 2019

It's time to shift security left to secure DevOps. Learn how to integrate security across the software lifecycle by aligning it with the core principles of DevOps.

Take the securing-DevOps journey from DevOps to DevSecOps. From this book, you'll learn how - and why - to integrate security into the SLC and CI/CD. As discussed in detail, this journey starts with the proper alignment of security with the principles of DevOps, including implementing security policy as code and a significant shift of security to the left. Successfully securing DevOps means continuously applying the respective security controls along the entire SLC, and balancing speed of detection and mitigation with accuracy and breadth of coverage.

About the Authors:
Ted Ritter, CISSP, is an independent security writer. Ted has 10+ years of experience working for security companies in commercial, Federal, and global markets.

Joseph Feiman, PhD is Chief Strategy Officer at WhiteHat Security and is responsible for WhiteHat's overarching business strategy and vision.

Whitepaper: 451 Report: Securing open source: Software composition analysis comes into its own

by WhiteHat Security, Apr 26, 2019

In part 1 of this report, we took a look at the factors driving the recent upsurge of attention given to open source security.

Now, in part 2, we look specifically at software composition analysis, a technology segment that has arisen to deal specifically with managing some of open source's most serious risks.

Read this report to explore the key values of managing security vulnerabilities, license complications and administrative complexities that are driving the adoption of SCA. We'll also take a look at sample vendors, and what we expect in SCA going forward.

This report examines how SCA revolves around three fundamental realms of capability:
• Identifying and resolving security vulnerabilities in the open source components on which software is increasingly built
• Addressing the impact of open source licenses on software projects
• Managing the range and complexity of SCA involvement across the software spectrum

Whitepaper: The State of Application Security and How to Improve it

by WhiteHat Security, Dec 14, 2018

This report on the State of Application Security and How to Improve It, from UBM and WhiteHat Security, examines the trends in application security to understand the state of existing application security programs, how security and development teams work together, and what the barriers to better software development are. The results shine a light on why most software continues to have security vulnerabilities, but also highlight the good news that security budgets are increasingly being allocated toward securing applications.

This report:
• Looks at the challenges faced by development and security teams
• Reviews security tools being used in development and uncovers why so many projects continue to fail at delivering secure software
• Examines the areas of development where organizations can improve their application security posture
• Emphasizes how application security tools and services, and their integration into development, are key to releasing bug-free software
• Explains how automated security tools can free up developers from many time-consuming, security-related tasks

Whitepaper: The No BS Guide to Static Application Security Testing (SAST)

by WhiteHat Security, Oct 18, 2018

While board-level executives understand the concepts and terms used in Network Security or Perimeter Security, Application Security, as a concept and discipline, is not yet firmly defined. AppSec is very different from other security domains, so applying their standard methods doesn't necessarily address the unique challenges that AppSec brings. An effective solution relies heavily on process diligence in combination with ongoing training and developer guidance within the development and security organizations.

We don't have to look very far to see that applications have been under full-blown frontal assaults. Network security is everywhere. We have all been hyperaware of securing the perimeter and having our firewalls on high alert at all times.

Download this informative guide to learn about initiating a successful application security program, including:
• Make application security visible to security and development organizations.
• Provide guidance for building and managing application security processes.
• Measure and manage application security risks and processes.
• Prioritize vulnerability remediation based on risk exposure to the business.
• Institute application security training for developers and managers.
• Assure compliance of applications with security regulations for privacy, data protection and information security.

Whitepaper: Getting the Board Onboard with Application Security

by WhiteHat Security, Oct 12, 2018

It can be a big challenge to get board members to recognize the importance of application security, especially for components that do not fall under the widely known umbrella of perimeter security. Given that the number of breaches at the application layer has increased substantially over the years, it has become blatantly obvious that organizations need to evaluate their application security program and investments more effectively.

This needs to be everyone's responsibility--including the Board's.

Download this paper to learn how to:
• Educate your board of directors about cybersecurity and get buy-in
• Incorporate AppSec into network security practices
• Make AppSec visible to executives, and across your security and development organizations
• Shift to DevSecOps: Support security AND development

Research Report: 2018 Report: The Evolution of the Secure Software Lifecycle

by WhiteHat Security, Oct 12, 2018

This year WhiteHat has partnered with Coalfire and NowSecure to produce the 2018 Application Security Statistics Report. We analyzed data from over 20,000 applications to provide the most comprehensive view of application security available today.

It has become obvious -- the successful organizations take a systemic, risk-based approach to evaluating cybersecurity vulnerabilities and addressing these pan-organizationally -- as they would address any other market-oriented business risk.

With these insights, business leaders can orchestrate better risk outcomes for their applications and their business.

Why Read This Report?

Apps are the digital foundation of your business.

With the widespread adoption of Cloud, Microservices and APIs, these applications have grown into full-blown inter-operating ecosystems. Pinpointing how these new architectures impact security is essential, yet remediating all vulnerabilities still proves challenging. Despite more investment, apps remain insecure.

According to the 2018 Verizon Data Breach Investigations Report, web applications were (again) the biggest target for data breaches and ranked high for incidents. WhiteHat agrees that the state of application security has progressively deteriorated year over year. The two macro indicators of the state of application security, namely the average number of serious vulnerabilities per site and the Window of Exposure, have trended in the wrong direction over the last year.

A new, fully-integrated approach is needed.

This report is the largest and most accurate application security report that aims to educate decision makers, security professionals, and application developers on how to tackle application security challenges from both technological and organizational perspectives. We share how you can take advantage of the evolutionary changes within the SDLC to better secure the applications at each stage.

Who Should Read This Report?

For Business Decision Makers
How to measure the effectiveness of your application security investment to help mitigate overall business risk.

For Security Professionals
How to defend your applications by evaluating how your vulnerability levels and remediation times compare with industry benchmarks.

For Application Development and Operations Teams
How to develop software more securely by partnering with the security team to adopt tools and methodologies compliant with your software development lifecycle (SDLC).

Whitepaper: Design Secure Software from the First Line of Code

by WhiteHat Security, Oct 12, 2018

Have you ever discovered flaws in your applications after they've been released to the public? As developers push applications out the door at increasingly faster rates, it's crucial that security vulnerabilities are discovered during the development process. Because by the time security teams uncover these flaws, costs of remediating vulnerabilities skyrocket and development teams are onto the next sprint.

Download this white paper for keen insights into:
• Why security needs to shift further left in the software development lifecycle
• How to empower developers to write secure software
• How forward-thinking organizations are adopting a DevSecOps approach
• An unmatched way to develop more secure applications in the age of DevOps and Continuous Integration / Continuous Delivery (CI/CD)

Be one of the few organizations that have evolved their security to integrate with the DevOps best practices.

Whitepaper: Securing your Code for GDPR Compliance

by WhiteHat Security, Oct 12, 2018

Writing code for compliance standards is still a young discipline; while PCI DSS has provided directives for application security testing and checks, GDPR has been less specific, with its directive that new portals, websites, and applications which touch EU citizen data be developed according to the principles of Privacy by Design.

What does that mean to the Application and Solution Architect? It means they need to figure out how to secure all future releases of applications, both web and mobile, to incorporate security by design in stages all the way through the SDLC from inception into production and end of life.

It is not a trivial task to change the mindset of Developers and Architects, and to make major changes toward a secured Software Development Lifecycle (SDLC). Learn how to bridge the communication gap by helping developers understand that treating security as an essential part of every application will reduce testing churn while speeding time to release.

Management, Engineering, Product, and Security need to speak the language of the developer, supporting their daily tasks in terms they understand.

Read this whitepaper to learn more about:
• How to create and manage a sustained program for GDPR application security compliance
• What non-functional requirements are, as opposed to functional
• Showing the map of data flows in design for multiple audiences
• How to select a testing strategy and tools
• Remediation vs. mitigation options -- how to band-aid over a problem (for now)
• Integrating application security testing into daily security operations