4 out of 5.0, Reviewed Jun 13, 2016
The tool itself finds mostly low-hanging fruit vulnerabilities. The experience with the customer service team is spotty - depends on which customer success manager you get. The PE level with BLA is average.
Compete WhiteHat against Veracode, Cigital 3D, Rapid7, etc. Focus on quality, use of portal, the skills/resources used for BLA, and then look at cost.
Fairly clean, easy-to-use portal.
Overall quality of results. I believe there are more false negatives than there should be.
Enable better ability to bootstrap applications into the tool.
Understand that the BLA only happens once a year, so time it well. Train developers and product managers better up front on the tool and how to use it. Integrate with defect tracking (e.g. Jira).
Wish they found more complex vulnerabilities. Low-hanging fruit only. A junior pen tester can find most of what WhiteHat finds.
Customer success manager did a good job ensuring feedback was incorporated and flexibility was available.
They failed to be able to test in QA, due to technical limitations on our end they couldn't help us overcome. Jira integration is okay.
4 out of 5.0, Reviewed Feb 25, 2016
The product and service have helped to prioritize our application remediation work.