Using the WhiteHat Visual Studio Plugin
Launch Visual Studio.
From the Tools pulldown menu, select WhiteHat Sentinel IDE.
To obtain your Sentinel API key, log into Sentinel and select My Profile in the upper-right corner. Select the API Key tab, enter your password, and click Authenticate. After you authenticate successfully, your API key is displayed. Copy it to your clipboard and paste it into the API Key field when logging into the WhiteHat Sentinel Plugin for Visual Studio, as described in the previous section. The key authenticates you to Sentinel, so treat it as a credential: do not share it or check it into source control.
Select the application you want to review from the drop-down list and click the filter icon.
From here you can filter vulnerabilities by Vuln ID, Vuln Status, Rating, or date opened; enter your filter parameters and click the filter icon.
Double-click on a specific Vuln ID in the list to see trace IDs and the associated code snippets for that vulnerability. (Double-clicking any vulnerability on the Manage Vulnerabilities tab navigates the user to the Debug Vulnerabilities tab.)
Click on the caret next to the Vuln ID to see the Attack Vector IDs, and click on the caret next to the Attack Vector ID to see the Attack Vector Types, Source Code Locations, etc.
Click on a specific attack vector type to see the associated code snippet; double-click to bring up that code in your environment.
If no source code snippet is displayed, click Specify Source Folder and browse until the correct file is displayed. Double-click the file name.
If the plugin cannot locate the exact code snippet in your current source, it falls back to searching for the enclosing method.
If the method has also changed and cannot be identified, you will see an error message:
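The matching order described in the steps above (exact snippet first, enclosing method as a fallback, error if neither is found) is easy to get wrong when a developer has edited the flagged line. The following is an added example, not the plugin's own code, that reproduces that resolution logic in Python over a constructed C# file; the SourceLocation field names, the declaration heuristic, and the sample source are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass
from typing import List


@dataclass
class SourceLocation:
    """What the scanner reported for an attack vector: the file, the exact line
    it saw, and the enclosing method. Field names are assumptions for this example."""
    file: str
    snippet: str
    method: str


@dataclass
class Match:
    line: int   # 1-based line number in the current source
    kind: str   # "snippet" (exact line found) or "method" (declaration found)


def _normalize(text: str) -> str:
    """Collapse whitespace so re-indented code still matches the scanner's snippet."""
    return " ".join(text.split())


def _declaration_pattern(method: str) -> "re.Pattern[str]":
    # Heuristic for a C# method declaration: optional modifiers, a return type,
    # the method name, then '('. Call sites such as repo.FindByName(x) have no
    # whitespace immediately before the name and therefore do not match.
    return re.compile(
        r"^\s*(?:(?:public|private|protected|internal|static|virtual|override|async)\s+)*"
        r"[\w<>\[\],.]+\s+" + re.escape(method) + r"\s*\("
    )


def locate(source: str, loc: SourceLocation) -> Match:
    lines: List[str] = source.splitlines()

    # 1. Exact (whitespace-normalized) snippet match, tried first.
    wanted = _normalize(loc.snippet)
    for no, line in enumerate(lines, start=1):
        if _normalize(line) == wanted:
            return Match(no, "snippet")

    # 2. The line has changed: fall back to the enclosing method's declaration.
    decl = _declaration_pattern(loc.method)
    for no, line in enumerate(lines, start=1):
        if decl.search(line) and not line.rstrip().endswith(";"):
            return Match(no, "method")

    # 3. Neither found: the method was renamed or removed, so report an error
    #    instead of guessing a location.
    raise LookupError(
        f"{loc.file}: snippet not found and method {loc.method!r} cannot be "
        "identified; specify the source folder and retry"
    )


# Constructed sample: a C# file as it looks *after* a developer edited the
# vulnerable line (added .Trim()), so the scanner's original snippet no longer
# matches but the enclosing method is still present.
SAMPLE_SOURCE = """\
using System.Data.SqlClient;

public class UserRepository
{
    public User FindByName(string name)
    {
        var cmd = new SqlCommand("SELECT * FROM Users WHERE Name = '" + name.Trim() + "'", conn);
        return Map(cmd.ExecuteReader());
    }
}
"""

if __name__ == "__main__":
    unchanged = SourceLocation("UserRepository.cs", "return Map(cmd.ExecuteReader());", "FindByName")
    edited = SourceLocation(
        "UserRepository.cs",
        'var cmd = new SqlCommand("SELECT * FROM Users WHERE Name = \'" + name + "\'", conn);',
        "FindByName",
    )
    gone = SourceLocation("UserRepository.cs", "var x = 1;", "FindByEmail")
    print(locate(SAMPLE_SOURCE, unchanged))
    print(locate(SAMPLE_SOURCE, edited))
    try:
        locate(SAMPLE_SOURCE, gone)
    except LookupError as err:
        print("error:", err)
```

The second lookup lands on the method declaration rather than the edited line, which is exactly why a "method" match should be treated as approximate: open the method and re-read it before assuming the flagged statement is still where the scanner saw it.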
In addition to the code snippet, the WhiteHat Plugin will show you a general description and solution for the vulnerability, allow you to ask WhiteHat Security Engineers a question and see their response, or view directed remediation advice.
Select the corresponding tab to see each kind of information.
The "Description" tab will offer a description of the vulnerability class in question, as in the example below:
The "Solution" tab will offer an approach to resolving the vulnerability class in question, as in the example below:
The "Directed Remediation" tab will offer one or more suggested changes to the code that will remediate the vulnerability in question, as shown below:
Note: The Directed Remediation tab only appears for C# applications.
You may base your code changes on the examples given, copy and paste the code directly, or download the code as a patch using the "Download Patch" link. Review any suggested change before applying it, then rebuild and test the application: the directed remediation is a suggestion, not a change that has been tested against your code base.
Note: If you download the patch or copy and paste the code, you may also need to download the dependencies (there is a "Download Dependencies" link next to "Download Patch"). Unless the dependencies are downloaded and installed, the new code may not compile. This link takes you to a zipped file in WhiteHat's Customer Portal, which you will need to download and install (the file name will be similar to "remediation.security-api-1.0-SNAPSHOT.jar.zip"). Treat this archive like any other third-party dependency: obtain it only from the Customer Portal and track it in your build's dependency inventory.
In addition, the Q&A tab lets you ask questions about this vulnerability and receive answers directly from WhiteHat Security Threat Research Engineers.
If questions or answers already exist for this vulnerability, they are listed on the Q&A tab.
Clicking "Ask a Question" opens a dialog box in which you can enter a question about this vulnerability, as shown below:
Enter your question and click "Submit." Your question, and any answer it receives, then appears in the list.