Sentinel Premium Edition   

WhiteHat Sentinel Premium Edition (PE) is intended for websites that are permanent, mission-critical, subject to rigorous compliance requirements, and relied on by the company to serve customers or business partners. These websites typically also contain multi-step, form-based processes.

PE includes testing for both technical and business logic vulnerabilities. WhiteHat's Threat Research Center performs manual custom testing to identify business logic flaws. The WhiteHat Security experts who uncover these vulnerabilities understand account structures, contextual logic, and similar characteristics of web applications. PE comes standard with verified vulnerability reporting.

Sentinel PE Assesses for the Following Vulnerabilities

TECHNICAL VULNERABILITIES

WASC Threat Classification
  • Command Execution: Buffer Overflow, OS Command Injection, XPath Injection, Format String Attack, SQL Injection, LDAP Injection, SSI Injection
  • Information Disclosure: Directory Indexing, Predictable Resource Location, Information Leakage, Directory Traversal
  • Client-Side: Content Spoofing, Cross Site Scripting, HTTP Response Splitting

OWASP Top 10
  • A1 - Injection
  • A2 - Cross Site Scripting
  • A4 - Insecure Direct Object References
  • A6 - Security Misconfiguration
  • A7 - Insecure Cryptographic Storage
  • A8 - Failure to Restrict URL Access
  • A9 - Insufficient Transport Layer Protection
  • A10 - Unvalidated Redirects and Forwards

BUSINESS LOGIC FLAWS

WASC Threat Classification
  • Authentication: Brute Force, Recovery Validation, Weak Password
  • Authorization: Credential/Session Prediction, Insufficient Authorization, Cross Site Request Forgery, Insufficient Session Expiration, Session Fixation
  • Logical Attacks: Abuse of Functionality, Insufficient Process Validation, Denial of Service, Insufficient Anti-Automation

OWASP Top 10
  • A3 - Broken Authentication and Session Management
  • A4 - Insecure Direct Object References
  • A5 - Cross-Site Request Forgery
  • A8 - Failure to Restrict URL Access
Business Logic Testing

WhiteHat Sentinel Premium Edition is unique in mapping out and testing custom business logic and application workflows, paying particular attention to the privileges granted to different roles and users. This type of testing is virtually impossible to automate without human context and an understanding of your unique application.

WhiteHat Security will map out your application, its users, roles, and custom business workflow. WhiteHat Sentinel can then test your application against the expected business behavior and interpret the results in context. Examples of application behavior that the business would consider unexpected and unwanted include:

  • Can a guest user access administrative functionality, such as "create new admin"?
  • Can Rob view Sally's checking account, or use her coupon codes?
  • Can a customer modify the cost of an item during checkout?

WhiteHat Security will work with you to confirm that the business logic vulnerabilities WhiteHat Sentinel identifies are real, and to make sure you understand the intent behind each finding and the risk it carries.

"The ability to leverage software vulnerability information from WhiteHat Sentinel integrated with Archer enables DTCC to recognize the economic benefit of the completion of remediation tasks with assigned accountability. WhiteHat Sentinel provides excellent software vulnerability information by levels of risk that is aligned with an accountability model within Archer to manage risk and track key performance indicators to measure the health of the vulnerability management process."

Jim Routh, CISO
Depository Trust & Clearing Corporation

2011 © Copyright  |  WhiteHat Security  |  3003 Bunker Hill Lane, Santa Clara, CA 95054  |  408.343.8300  |  Contact the Webmaster