WhiteHat Security

4.6 out of 5.0 (18 ratings)

  • 5 out of 5.0, Reviewed

    Product(s): Sentinel

    Good service providing effective analysis; very easy to set up and maintain

    Overall Comment

    The original onboarding process was handled very efficiently by WhiteHat and they explained in an appropriate level of detail how the service worked and how to use the portal. The service has been effective in identifying areas within our application where we have had issues we needed to address. Support has been good and on-boarding of subsequent extensions to our original scope has been handled well.

    What one piece of advice would you give other prospective customers?

    The tool is very powerful and may well provide a fair amount of insight into your application - you then need to make sure you are in a position to actually address the issues uncovered... this is the harder part in my experience.

    What do you like most about the product or service?

    It does exactly what I expected it to.

    What do you dislike most about the product?

    Can't think of anything.

    What one thing do you wish the vendor did differently?

    Can't think of anything.

    If you could start over, what would your organization do differently?

    The findings produced by the service are only useful if acted on so I would ensure responsibilities around its use within my team were formalised from the start.


  • 5 out of 5.0, Reviewed

    Product(s): Sentinel, Sentinel Source

    WhiteHat in a contractor-centric environment

    Overall Comment

    WhiteHat has been a good partner. They have always put resources when needed at our disposal, and continue to remain engaged in our code security efforts. Their static analysis tool has come very far from when I first reviewed it, and I consider it to be on par with other SaaS based static tools (to be fair, the very best results come from a fully tuned, on-premises tool). They do tend to push for more enhanced scanning levels, which of course comes with a cost increase, but they do not question a decision once made, and fully support the process. The technical resources they have put forth are always on point. They're good at what they do, or at a minimum, very well prepared. Integration is easy as they have a pretty well-featured API. We are able to automatically dump vulnerabilities to our tool of choice, which is important as we work in a very contractor-centric environment (on the development side). On the sales/renewal side, they work well with our processes, always putting needed resources at our disposal. We always work together at that time to ensure that our renewal is correctly sized to cover our existing needs and cover us for the future. We don't have much "waste" (unneeded scans) with our purchase, and much of this is due to the hard work WhiteHat puts into it along with our teams. I would like to collect better metrics. Their built-in reports are good, but I'd like to be able to dump everything into a single file and manipulate it myself which is sometimes cumbersome.

    What one piece of advice would you give other prospective customers?

    Check out their partners and integrations. WhiteHat's mobile offering is, in my opinion, not ideal, but what's great is that they recognize their weaknesses and solve with strategic partners.

    If you could start over, what would your organization do differently?

    More use of the API. Automation makes this much easier - particularly when you're trying to match code to a contractor on a real-time basis.


  • 5 out of 5.0, Reviewed

    Product(s): Sentinel

    Continuous DAST assessments that scale well.

    Overall Comment

    We have implemented a Web Application Vulnerability Management Program around the service WhiteHat provides. The program’s scope is our Internet-facing, production web applications. WhiteHat's SaaS allows us to run continuous DAST assessments against hundreds of applications utilizing a single FTE. They provide a good service that scales extremely well. Their support organization is friendly and easy to work with. WhiteHat's API allows us to bring their vulnerability data into our aggregation tool, merge it with asset inventory data, and feed it into our downstream vulnerability management processes.

    What one piece of advice would you give other prospective customers?

    Finding security vulnerabilities is easy. Remediating them is hard, but is where you actually reduce the risk. Ensure you have cooperation from application owners and developers prior to engaging this type of service.

    What do you like most about the product or service?

    WhiteHat does their core competency well, and allows us to scale our assessments quickly and easily.

    What do you dislike most about the product?

    False positives/negatives in the vulnerability data. Initially, they advertised their service as false-positive free. As we scale, it becomes more and more important that their vulnerability analysis be accurate. Their false positive rate is low, but not zero.

    What one thing do you wish the vendor did differently?

    WhiteHat could expand their service to offer asset discovery. They have a manual process they use when signing up a new client, but it falls apart trying to use it on an ongoing basis. Our application portfolio is dynamic, and we had to purchase a service through another company to make sure inventory didn't slip through the cracks.

    If you could start over, what would your organization do differently?

    We would spend more analysis time up front sizing the amount of licenses required, or try to enter into more of a pay-as-you-go contract. We oversized our need, and have ended up overpaying for our actual use. The vendor has been more difficult to work with around right-sizing in contract renewals than expected.


  • 4 out of 5.0, Reviewed

    Product(s): Sentinel

    Solid cloud-based application security testing provider.

    Overall Comment

    Ease of implementation and use. Solid dashboard reporting.

    What one piece of advice would you give other prospective customers?

    Ask for other customer references/testimonials, and look at Gartner trends.

    What do you like most about the product or service?

    Ability to turn on/off new applications.

    What do you dislike most about the product?

    A bit pricey.

    What one thing do you wish the vendor did differently?

    Improvements to dashboard would be beneficial.

    If you could start over, what would your organization do differently?

    None.


  • 5 out of 5.0, Reviewed

    Product(s): Sentinel

    Smooth process from implementation through operations.

    Overall Comment

    WhiteHat has proven to be committed to their customers' success. Their management team strives to ensure customer satisfaction, their on-boarding team is efficient and very helpful, and their Threat Research Center (TRC) is excellent in explaining scanning results/issues. They are helpful in ensuring that customers get the most benefit from their service.

    What one piece of advice would you give other prospective customers?

    When developing a SAST/DAST capability, you need to incorporate more than 1 product to ensure you are providing adequate depth & breadth of capabilities.

    What do you like most about the product or service?

    The fact they have a dedicated part of the organization that reviews and verifies results to minimize/eliminate false positives; and they are very knowledgeable (and responsive) with their answers to technical questions.

    What do you dislike most about the product?

    Since we renewed the service, I think it is safe to say we believe the service is a helpful addition to our AppSec program.

    What one thing do you wish the vendor did differently?

    Although it is good, the interface needs a little more refining to adequately convey results/process of scans.

    If you could start over, what would your organization do differently?

    Identify and prioritize the scanning requirements, and ensure there is a clear understanding between your company and the vendor. Fortunately, WhiteHat is committed to being a partner in the application security process.


  • 4 out of 5.0, Reviewed

    Product(s): Sentinel

    Fast, easy implementation; great at finding critical vulnerabilities quickly

    Overall Comment

    On-boarding team was strong and driven for us to succeed. Willing to help us learn while managing the implementation. Startup/entry was easy and straightforward and we were "up and running" with starting reports in just a few days.

    What one piece of advice would you give other prospective customers?

    Do your own risk analysis in addition to any single vendor. Don't implicitly trust any single vendor. Make sure they are really testing everything.

    What do you like most about the product or service?

    I have come to trust their testing services and I feel confident in the test results. We have found WhiteHat to be one of the best at in-depth JavaScript-heavy page analysis. Compared to some of the competitors we evaluated, their "continuous scanning" technology set them apart from weekly or monthly scans.

    What do you dislike most about the product?

    Occasionally, WhiteHat did not find vulnerabilities that other products found (but conversely, WhiteHat found vulnerabilities that others missed). I don't fully trust any one vendor (similar to antivirus today, one AV solution does not mean you will not get a virus).

    What one thing do you wish the vendor did differently?

    Right at the beginning, we started receiving reports, but only after going through them did we find that several findings were missing and pages were not being scanned. We had to bring it to their attention that some were missed and then they fixed it, but I would have liked for them to tell us. One other item: the Executive summary report is too detailed for my management. Exec report should be exec level and not include IPs and other details they don't care about. Handing my execs a 10+ page document with descriptions and details only ensured they did not fully read it.

    If you could start over, what would your organization do differently?

    Buy training hours and entry training prior to implementation. We received findings/reports of findings right after implementation, but understanding what to do with the findings was overwhelming to start. Learning curve was quick and they were there to help support us through ramp up. They were supporting from the beginning.

    Integration & Deployment - Overall comment

    Integration is critical in our overall security posture. API integration with other ticketing vendors and solutions is limited.


  • 5 out of 5.0, Reviewed

    Product(s): Sentinel

    WhiteHat provides a great Web Application Security as a Service

    Overall Comment

    WhiteHat always goes above and beyond our expectations.

    What one piece of advice would you give other prospective customers?

    Make sure you use WhiteHat's expert advice.

    What do you like most about the product or service?

    The personal contact between application testers and our internal web dev team.

    What do you dislike most about the product?

    Price is a little high.

    What one thing do you wish the vendor did differently?

    Cheaper.

    If you could start over, what would your organization do differently?

    Can't think of anything.


  • 4 out of 5.0, Reviewed

    Product(s): Sentinel, Sentinel Mobile

    Strong testing fundamentals with information you can use with your customers.

    Overall Comment

    WhiteHat does an amazing job once engaged. We found the testing criteria and the quality of the test on par with our high expectations for this company. The reporting and the customer outreach were very good. We were pleased with the overall result. There was some miscommunication and delay during early implementation. However, our account representatives were able to correct this in a reasonable amount of time.

    What one piece of advice would you give other prospective customers?

    Ensure that you manage your testing projects actively. The WhiteHat team is dedicated and hard working but unless there is a strong plan in place there is a chance for miscommunication.

    What do you like most about the product or service?

    Portability and Utility

    If you could start over, what would your organization do differently?

    We would have spent more time understanding the testing team initially assigned to our account.


  • 5 out of 5.0, Reviewed

    Product(s): Sentinel

    The best SaaS offering in the Dynamic and Static scan space.

    Overall Comment

    WhiteHat provides a state-of-the-art SaaS offering that facilitates our web application security and compliance strategy. It integrates with source code version control systems like SVN and Git. Moreover, it allows for integration with JIRA that further simplifies vulnerability management and tracking. We compared this product against Veracode, HP WebInspect and IBM AppScan and WhiteHat performed better against the competition for every single metric of ours. Implementation was smooth and we were up and running in less than a week. The WhiteHat support team responds quickly to any support tickets and/or issues and works diligently to resolve them. A definite recommendation for both Dynamic and Static Scans.

    What one piece of advice would you give other prospective customers?

    Start with the SaaS approach: easy to set up, you're up and running.

    What do you like most about the product or service?

    Easy to set up and use.

    What do you dislike most about the product?

    None

    What one thing do you wish the vendor did differently?

    N/A

    If you could start over, what would your organization do differently?

    N/A


  • 5 out of 5.0, Reviewed

    Product(s): Sentinel

    Solid Offering

    Overall Comment

    Overall experience has been good. Tool works well as described. Customer service is attentive and helpful.

    What one piece of advice would you give other prospective customers?

    none.

    What do you like most about the product or service?

    Zero false positives, and their engineers can back that up explaining why.

    What do you dislike most about the product?

    None

    What one thing do you wish the vendor did differently?

    None

    If you could start over, what would your organization do differently?

    Involve our own internal "customers" earlier in the process. Allow them to build relationships with WhiteHat of their own.



Ratings Overview


Evaluation & Contracting

Overall rating of product evaluation and contract negotiation (17): 4.4
Ability to understand your organization's needs (18): 4.3
Timely and complete response to product questions (18): 4.7
Pricing and contract flexibility (pricing and terms) (18): 3.9

Integration & Deployment

Overall rating of integration and deployment (18): 4.7

How long did your deployment take?

0 - 3 months (<3)

I don't know


Availability of quality 3rd-party resources (integrators, service providers, etc.) (9): 4.2
Ease of integration using standard APIs and tools (11): 4.2
Quality and availability of end-user training (16): 4.1
Ease of deployment (18): 4.8

Service & Support

Overall rating of service and support (18): 4.7

Did you purchase a support package from the vendor?

Yes

No

I’m unsure


Timeliness of vendor's response (18): 4.8
Quality of technical support (18): 4.8
Quality of peer user community (12): 4.1

Product Capabilities

Overall rating of product capabilities (18): 4.4
Dynamic AST as a Tool (11): 4.5
Dynamic AST as a Service (17): 4.6
Static AST as a Tool (4): 4.8
Static AST as a Service (7): 4.6
Interactive AST (4): 4.5
Mobile AST (4): 3.8
Enterprise-Class AST (7): 4.4
Stand-Alone AST (5): 4.6
WAF/EMM Integration or RASP (4): 4.5

Additional Context

What was the nature of your involvement?

Technical Assessment

Application Lead

Executive Sponsor

Vendor Management

Development/Integration

Functional Assessment

Maintenance and Support

Rollout and Install

User Training

Vendor/Product Selection


What other vendors were considered?

Veracode

Hewlett Packard Enterprise

IBM

Trustwave

Acunetix

Qualys

Rapid7

Checkmarx

Cigital

PortSwigger

WhiteHat Security

Contrast Security

Netsparker

edgescan

NowSecure

The Open Web Application Security Project (OWASP)

Other...


Why did you purchase this product?

Improve compliance & risk management

Create internal/operational efficiencies

Improve business process agility

Improve business process outcomes

Enhance decision making

Improve customer relations/service

Reduce time to market

Cost management

Drive innovation

Drive revenue growth

Other...


What were the key factors that drove your decision?

Product functionality and performance

Strong services expertise

Product roadmap and future vision

Overall cost

Strong customer focus

Breadth of services

Financial/organizational viability

Functional breadth

Strong consulting partnership

Pre-existing relationships

Other...


In which region(s) did your deployment take place? Multiple responses allowed.

North America

Europe, Middle East and Africa

Asia/Pacific

Latin America