WhiteHat boosts SAST services portfolio
WhiteHat Security recently expanded its portfolio of static application security testing (SAST) services with the addition of Sentinel Source for Microservices, which is aimed at companies currently embracing microservices-based architecture.
Microservices architecture involves piecemealing large-scale monolithic code into isolated chambers known as containers. Containers serve as a kind of lightweight virtualization, which include everything necessary to run an application, such as memory and compute. With this technology, service providers can deploy multiple applications on a single host operating system (OS). Since containers share the same OS, however, they also tend to be more vulnerable to security threats.
According to WhiteHat, its new solution scans microservices code to pinpoint vulnerabilities, provide detailed descriptions and remediation advice. Among key features of Sentinel Source for Microservices include the ability to review code at any point in the development cycle, run scheduled or on demand assessments, preserve an organization’s intellectual property, and keep tabs on the latest attacks using Rule Packs.
“Working in partnership with our customers, we’ve been able to assess the application security needs of real-world microservices-based implementations,” said Setu Kulkarni, vice president of corporate and product strategy at WhiteHat, in a statement. “DevOps teams need a SAST solution that can scale up or down with them. With Sentinel Source for Microservices, our customers can enjoy the benefits of a world-class SAST solution and an innovative licensing model that doesn’t lock them into having to anticipate size of applications or the number of microservices, and then suffer budget overruns when they exceed their projections.”
What makes the new solution unique, according to the company, is the ability to provide nearly no false positives when scanning code. It also offers broad language and repository coverage, in addition to software composition analysis for scanning third-party code. Users can take reference security engineers in the Threat Research Center as well, who validate all vulnerabilities and provide ongoing support via the solution’s “Ask-a-Question” feature.
“As an IT systems integrator with deep security expertise, we’ve had a front row seat to the emergence of DevOps and microservices, and to the security challenges these new architectures bring with them,” said Geoffrey Poer, chief security officer for WhiteHat partner Chronos Global. “Sentinel Source for Microservices clearly demonstrates that WhiteHat understands the changing dynamics in today’s development organization. The combination of great SAST product and innovative licensing model makes it easier for organizations to embrace security for microservices.”