Sentinel for Developers
WhiteHat Security alerts you to vulnerabilities in your applications, either in code (Sentinel Source, static analysis) or in your production environment (Sentinel Dynamic, dynamic analysis). In WhiteHat Sentinel, you can track the vulnerabilities associated with your assets, track specific vulnerabilities, request vulnerability retests, or put a question directly to our Threat Research Center engineers.
The Peer Benchmarking Dashboard is designed to show you how your overall security compares with other businesses both in your industry and globally. The measurements reflected in the dashboard include the percentage of your assets that have vulnerabilities, the average number of open vulnerabilities, the remediation rate, and how many days it takes to resolve a vulnerability, on average.
The Frameworks Dashboard is also available. For users with Maven or NuGet repositories, this dashboard shows CVE alerts, commonly used frameworks, out-of-date frameworks, license information for your assets, and libraries used in your assets. This will generally be of greater interest to your Security and Development teams.
Sentinel offers detailed Vulnerability Reports for both sites and applications (assets under Sentinel Dynamic and Sentinel Source, respectively).
Sentinel findings are visible on the Vulnerability Management page (under the Findings tab in Sentinel). By filtering this page, you can limit what you see to specific vulnerabilities. For example, if you are responsible for a particular asset, you can filter for vulnerabilities found on that asset using the Asset Name filter. You can also filter by vulnerability class, rating, specific tags, and so on, and view only the vulnerabilities that meet your criteria.
Vulnerability findings are described by a Rating (the degree of risk associated with the vulnerability) and a Vulnerability Class (describing the type of vulnerability it is). From the main Vulnerability Management page, you can also see the vulnerability status (open, closed, accepted, mitigated, or invalid), the date it was most recently opened or closed, and the name of the asset in question.
To see detailed information about a vulnerability, click on the Vulnerability ID on the findings page. This will take you to the appropriate Vulnerability Detail page, where you can see the vulnerability class, location, status, date opened, and (optionally) the CVSS score, or request a retest of the vulnerability. Site vulnerabilities will also have links to the attack vectors, while application vulnerabilities will indicate whether a compliance policy affects the vulnerability and will display the source, sink, variable usage, and associated code snippets. There will also be a description of the vulnerability class and general recommendations for remediation. If you have other questions, you can click on the "Ask a Question" link to put a question directly to the Threat Research Center engineers.