Mobile
12/12/2012
03:22 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

WhiteHat Security Brings New Standards To Mobile Application Security

Announces immediate availability of WhiteHat Sentinel Mobile

SANTA CLARA, Calif. – December 11, 2012 – WhiteHat Security, the Web security company, announced the immediate availability of WhiteHat Sentinel Mobile, a new mobile application assessment solution enabling businesses to test mobile applications wherever they reside: on the device or on a server. With this announcement, WhiteHat extends its support for mobile applications with new security offerings aimed at streamlining mobile security strategies for the enterprise and independent application developers.

"Mobile is clearly accelerating businesses' application development practices as it replaces the 'traditional' Web, but mobile security until now has not kept the needed pace to mitigate the added risk," said Stephanie Fohn, CEO of WhiteHat Security. "With Sentinel Mobile, we are offering businesses an advanced, platform-agnostic solution to efficiently evaluate all facets of in-house or third-party mobile applications, regardless of device or OS. Sentinel Mobile reflects our mission to offer the most rapid and effective solutions for securing the entire ecosystem of business applications and critical data."

The introduction of Sentinel Mobile extends WhiteHat's charter, namely to provide highly accurate and actionable application vulnerability information across today's increasingly rapid software development lifecycle (SDLC), to also encompass the growing mobile application market. As hundreds of the largest enterprises in the world, including two of the top three mobile phone manufacturers, already leverage WhiteHat Sentinel to assess, verify and report code-level flaws in their non-mobile applications – from development to production – the company anticipates strong traction for its new mobile offering.

"Mobile application security has seen too much confusion and fragmentation and not enough focus on where the heart of security problems truly lie," said Jerry Hoff, vice president, source code analysis division, WhiteHat Security. "The majority of mobile application problems live on the server-side and go unnoticed or untreated, creating even more attack surfaces to exploit. WhiteHat is elevating the mobile application security experience to address this using its leading Sentinel technology to test applications as they live on the phone or tablet, as well as the server-side components to mitigate businesses' risk."

The new Sentinel Mobile service enables businesses to:

Quickly assess scan all iOS, Android or other mobile apps in their environment

Evaluate device- and server-side code, both static and dynamic, and correlate the results

View mobile, native and Web application security postures relative to their business through a unified dashboard

Identify application-specific vulnerability trends to improve developer practices

Streamline application development and launch predictability by identifying problems earlier in the development lifecycle

Sentinel Mobile is available today as a stand-alone offering or as an addition to existing WhiteHat Sentinel deployments. As part of the Sentinel family of products, Sentinel Mobile utilizes the company's unique Threat Research Center to ensure all security data is fully accurate and actionable for businesses. For more information about today's announcement please visit the Sentinel Mobile website and the WhiteHat Security blog.

About WhiteHat Security

Founded in 2001 and headquartered in Santa Clara, California, WhiteHat Security provides end-to-end solutions for Web security. The company's cloud technology platform and leading security engineers turn verified security intelligence into actionable insights for customers. Through a combination of core products and strategic partnerships, WhiteHat Security provides complete Web security at a scale unmatched in the industry. WhiteHat Sentinel, the company's flagship product line, currently manages thousands of websites – including sites in the most regulated industries such as e-commerce, financial services and healthcare.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If youre still focused on securing endpoints, youve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Cybercrime has become a well-organized business, complete with job specialization, funding, and online customer service. Dark Reading editors speak to cybercrime experts on the evolution of the cybercrime economy and the nature of today's attackers.