
WhiteHat Security

WhiteHat Security has been in the business of securing web applications for 17 years. Combining advanced technology with the expertise of its global Threat Research Center (TRC) team, WhiteHat delivers application security solutions that reduce risk, reduce cost and accelerate the deployment of secure applications and web sites. The company's flagship product, WhiteHat Sentinel, is a software-as-a-service platform providing dynamic application security testing (DAST), static application security testing (SAST), and mobile application security assessments. The company is headquartered in San Jose, Calif., with regional offices across the U.S. and Europe.

Our Website: https://www.whitehatsec.com


Latest Content From WhiteHat Security

Research Report: 2019 Stats Report: The DevSecOps Approach

by WhiteHat Security, Aug 13, 2019

WhiteHat Security is now a wholly-owned, independent subsidiary of NTT Security. With this strategic development, we are able to combine the global reach of NTT with WhiteHat's deep expertise in application security. As a result, our research now offers the most comprehensive perspective on the current state of application security, as well as recommendations on how to implement DevSecOps effectively.

The 2019 WhiteHat Application Security Statistics report looks at our underlying application security data to derive conclusions, identify trends and highlight what's working and what's not when it comes to DevSecOps and secure application delivery. This report is the product of data analysis derived from evaluating data from approximately 17 million application security scans performed by organizations in 2018.

Why Read This Report?
Application Security has become critical to business success
The cliche 'there's an app for that' underlies today's business maxim: applications are at the foundation of today's enterprise. As the digital transformation continues, organizations are beginning to realize that security is not merely another table stake, it's the timber the rest of the organization is built upon.

Pace and rate of change in today's application development are blindingly fast
Apps are now the way to out-innovate competition across industries, which is why teams are increasingly focused on time-to-market and time-to-value when it comes to application development.

Security & DevOps are converging - and an approach for success has emerged
The phased approach to DevSecOps we outline in this year's report is a macro-trend that supports the Security and DevOps convergence, and empowers teams to deliver better performing and more secure apps - and meet the goal of rapid innovation and reliable service delivery.

Who Should Read This Report?
For Business Decision Makers...
How to measure the effectiveness of your application security investment to help mitigate overall business risk.

For Security Professionals...
How to best defend your applications by evaluating how your vulnerability levels and remediation times compare with industry benchmarks.

For Application Development and Operation Teams...
How to develop software more securely by partnering with the security team to adopt tools and methodologies compliant with your software development lifecycle (SLC).


Whitepaper: IDC SpotLight: Protecting Against Threats with Application Security Testing

by WhiteHat Security, Jul 03, 2019

Application security testing will play a major role in the next generation of security architecture. This IDC Technology Spotlight looks at the role of WhiteHat Security in the marketplace for application security testing solutions.


Whitepaper: Know your Risk to Make Strategically Smart Decisions on Application Security

by WhiteHat Security, Jul 03, 2019

Web application security has become a critical issue for organizations of all sizes, and yet security organizations today are often understaffed for the job they're assigned to do. That's partly because there has been an explosion of web applications. In the past, an organization might need to scan its top five enterprise applications for vulnerabilities. Now organizations need to understand risk profiles for dozens, hundreds, or thousands of applications in production.

With the increase in the number of applications, a tremendous number of vulnerabilities are going unmitigated or unremediated, simply because there are more vulnerabilities than any organization has the time or staff to fix. And while the number of applications to manage has grown, the size of the security staff has not.

This paper describes such a risk-based approach, which can lead to better strategic decisions and enhance the ability of security organizations to succeed in their mission of securing web applications.


Whitepaper: Definitive Guide to Securing DevOps

by WhiteHat Security, Apr 26, 2019

It's time to shift security left to secure DevOps. Learn how to integrate security across the software lifecycle based on aligning the DevOps' core principles.

Take a securing DevOps journey from DevOps to DevSecOps. From this book, you'll learn how - and why - to integrate security into the SLC and CI/CD. As discussed in detail, this journey starts with the proper alignment of security with the principles of DevOps, including implementing security policy as code and a significant security shift left. Successfully securing DevOps is about continuously applying respective security controls along the entire SLC, and balancing speed of detection and mitigation with accuracy and breadth of coverage.

About the Authors:
Ted Ritter, CISSP, is an independent security writer. Ted has 10+ years of experience working for security companies in commercial, Federal, and global markets.

Joseph Feiman, PhD is Chief Strategy Officer at WhiteHat Security and is responsible for WhiteHat's overarching business strategy and vision.


Whitepaper: 451 Report: Securing open source: Software composition analysis comes into its own

by WhiteHat Security, Apr 26, 2019

In part 1 of this report, we took a look at the factors driving the recent upsurge of attention given to open source security.

Now, in part 2, we look specifically at software composition analysis, a technology segment that has arisen to deal specifically with managing some of open source's most serious risks.

Read this report to explore the key values of managing security vulnerabilities, license complications and administrative complexities that are driving the adoption of SCA. We'll also take a look at sample vendors, and what we expect in SCA going forward.

This report examines how SCA revolves around three fundamental realms of capability:
• Identifying and resolving security vulnerabilities in the open source components on which software is increasingly built
• Addressing the impact of open source licenses on software projects
• Managing the range and complexity of SCA involvement across the software spectrum


Whitepaper: The State of Application Security and How to Improve it

by WhiteHat Security, Dec 14, 2018

This report on the State of Application Security and How to Improve It from UBM and WhiteHat Security examines the trends in application security to understand both the state of existing application security programs and how security and development teams work together to try and determine the barriers to better software development. The results shine a light on why most software continues to have security vulnerabilities, but also highlight the good news that security budgets increasingly are being allocated toward securing applications.

This report:
• Looks at the challenges faced by development and security teams
• Reviews security tools being used in development and uncovers why so many projects continue to fail at delivering secure software
• Examines the areas of development where organizations can improve their application security posture
• Emphasizes how application security tools and services, and their integration into development, are key to releasing bug-free software
• Explains how automated security tools can free up developers from many time-consuming, security-related tasks


Whitepaper: The No BS Guide to Static Application Security Testing (SAST)

by WhiteHat Security, Oct 18, 2018

While board-level executives understand the concepts and terms used in Network Security or Perimeter Security, Application Security, as a concept and discipline, is not quite firmly defined. AppSec is much different than other security domains, so applying standard methods from them doesn't necessarily address the unique challenges that AppSec can bring. An effective solution relies heavily on process diligence in combination with ongoing training and developer guidance within the development and security organizations.

We don't have to look very far to see that applications have been under full-blown frontal assaults. Network security is everywhere. We have all been hyperaware of securing the perimeter and having our firewalls on high alert at all times.

Download this informative guide to learn about initiating a successful application security program, including:
• Make application security visible to security and development organizations.
• Provide guidance for building and managing application security processes.
• Measure and manage application security risks and processes.
• Prioritize vulnerability remediation based on risk exposure to the business.
• Institute application security training for developers and managers.
• Assure compliance of applications with security regulations for privacy, data protection and information security.


Whitepaper: Getting the Board Onboard with Application Security

by WhiteHat Security, Oct 12, 2018

It can be a big challenge to get board members to recognize the importance of application security, especially given the components that may not be under the widely known umbrella of perimeter security. Given that the number of breaches to the application layer has increased substantially over the years, it's now become blatantly obvious that organizations need to evaluate their application security program and investments more effectively.

This needs to be everyone's responsibility--including the Board's.

Download this paper to learn how to:
• Educate your board of directors about cybersecurity and get buy-in
• Incorporate AppSec into network security practices
• Make AppSec visible to executives, and across your security and development organizations
• Shift to DevSecOps: Support security AND development


Research Report: 2018 Report: The Evolution of the Secure Software Lifecycle

by WhiteHat Security, Oct 12, 2018

This year WhiteHat has partnered with strategic partners Coalfire and NowSecure to produce the 2018 Application Security Statistics Report. We analyzed data from over 20,000 applicants and provide the most comprehensive view of application security available today.

It has become obvious -- the successful organizations take a systemic, risk-based approach to evaluating cybersecurity vulnerabilities and addressing these pan-organizationally -- as they would address any other market-oriented business risk.

With these insights, business leaders can orchestrate better risk outcomes for their applications and their business.

Why Read This Report?

Apps are the digital foundation of your business.

With the widespread adoption of Cloud, Microservices and APIs, these applications have now grown into full-blown inter-operating ecosystems. Pinpointing how these new architectures impact security is essential, yet remediating all vulnerabilities still proves challenging. Despite more investment, apps remain secure.

According to the 2018 Verizon Data Breach Investigations Report, web applications were the biggest target for data breaches (again), and high for incidents. WhiteHat agrees that the state of application security has progressively deteriorated year-over-year. The two macro indicators of the state of application security, namely average number of serious vulnerabilities per site and Window of Exposure, have trended in the wrong direction over the last year.

A new, fully-integrated approach is needed.

This report is the largest and most accurate application security report that aims to educate decision makers, security professionals, and application developers on how to tackle application security challenges from both technological and organizational perspectives. We share how you can take advantage of the evolutionary changes within the SDLC to better secure the applications at each stage.

Who Should Read This Report?

For Business Decision Makers
How to measure the effectiveness of your application security investment to help mitigate overall business risk.

For Security Professionals
How to defend your applications by evaluating how your vulnerability levels and remediation times compare with industry benchmarks.

For Application Development and Operations Teams
How to develop software more securely by partnering with the security team to adopt tools and methodologies compliant with your software development lifecycle (SDLC).


Whitepaper: Design Secure Software from the First Line of Code

by WhiteHat Security, Oct 12, 2018

Have you ever discovered flaws in your applications after they've been released to the public? As developers push applications out the door at increasingly faster rates, it's crucial that security vulnerabilities are discovered during the development process. Because by the time security teams uncover these flaws, costs of remediating vulnerabilities skyrocket and development teams are onto the next sprint.

Download this white paper for keen insights into:
• Why security needs to shift further left in the software development lifecycle
• How to empower developers to write secure software
• How forward-thinking organizations are adopting a DevSecOps approach
• An unmatched way to develop more secure applications in the age of DevOps and Continuous Integration / Continuous Delivery (CI/CD)

Be one of the few organizations that have evolved their security to integrate with the DevOps best practices.