WhiteHat brings new dimension to DAST capabilities at Synopsys

2022-6-23 04:5:40 Author: www.synopsys.com 阅读量:11 收藏

Posted by on Wednesday, June 22, 2022

The acquisition of WhiteHat Security, the leading the DAST solution provider, is a step toward a more comprehensive, end-to-end portfolio for AppSec.

WhiteHat Security acquisition | Synopsys

Today, Synopsys closed the acquisition of WhiteHat Security, an application security pioneer and market-segment leading provider of dynamic application security testing (DAST) solutions. Jason Schmitt, general manager of the Synopsys Software Integrity Group, provided some insights into how WhiteHat™ DAST will fit into the Synopsys portfolio in an earlier blog post. Today I would like to concentrate on what it means to our customers.

What’s in it for me?

According to the Forrester report “The State of Application Security, 2022,” applications are the most common attack vector, with “web application exploits” the third-most-common attack. Accordingly, it is imperative that organizations test their running web applications in the same way that attackers probe them, to identify and eliminate vulnerabilities before they are discovered and exploited by outside agents.

DAST is certainly not a new technology, and Synopsys already offers DAST testing to our customers. But WhiteHat brings an entirely new dimension to our DAST capabilities. Specifically, it brings the ability to safely scan production applications without the need for a separate test environment. This ensures that what is exposed to hackers has been tested as deployed.

This is a critical capability, as the primary objective of DAST is to test running web applications for vulnerabilities such as SQL injection and cross-site scripting. These common vulnerabilities that are exploited in production applications do not exist in source code; they arise only after deployed into production. This makes DAST an essential component of any application security testing program.

There is often confusion regarding the use of static application security testing (SAST) and software composition analysis (SCA) and the need for DAST. SAST and SCA test the application code and therefore discover a different set of vulnerabilities than DAST due to the fundamental differences in their approach. As such, most organizations utilize all three techniques at various points in the development process.

Historically, organizations have been reluctant to run DAST tests against production applications due to fears of data corruption from the DAST testing processes or impact to application performance. Instead, organizations often test the application in a production-like environment. But this opens the door for discrepancies between the testing environment and the production environment, which creates the potential for vulnerabilities to go undetected. The production testing capabilities of WhiteHat effectively eliminate this issues, empowering organizations to test their production systems.

WhiteHat DAST capabilities

WhiteHat DAST delivers the essential elements that make DAST testing an effective component of any testing regime.

  • Cloud-based. The SaaS delivery of WhiteHat DAST simplifies implementation, providing the agility to scale fast as security testing needs evolve.
  • Continuous scanning. WhiteHat DAST supports continuous scanning that detects and adapts to code changes, ensuring that new functionality is automatically tested. This means that WhiteHat DAST keeps pace with the speed of your development processes and ensures that testing is consistently applied.
  • Accurate results. WhiteHat DAST utilizes AI-enabled verification that dramatically reduces false positives while minimizing vulnerability triage time, ensuring that developers are focused on the vulnerabilities with the highest risk.
  • Remediation guidance. WhiteHat DAST provides personalized remediation guidance from a team of application security experts, ensuring that identified vulnerabilities can be quickly and confidently addressed. This delivers a prioritized list of vulnerabilities and the guidance to fix them at business speed.
  • Risk scoring. The WhiteHat Security Index provides a single score that enables you to gauge the overall status of web application security.
  • Headless operations. Many organizations have built dashboards and other systems to manage application security testing. WhiteHat DAST supports these implementations by providing a rich set of APIs that enable tests to be scheduled and results to be captured programmatically. This ensures that WhiteHat DAST can be readily integrated into security and DevOps processes, and findings can be assimilated into organizational systems.

Rounding out the portfolio

Ten years ago SAST and DAST were the primary testing methods. They were the non-negotiables that every organization used to test their software. The rapid growth of open source quickly elevated SCA into the conversation, and now SAST, DAST, and SCA make up the “big three.”

With the acquisition of WhiteHat, Synopsys now offers SAST, DAST, and SCA solutions that are considered market leaders in their respective categories. There are other vendors that offer this, but often they concentrate on only one of the big three, and offer the other two as a side dish. I would submit that Synopsys now offers SAST, DAST and SCA as three main courses. And with the recent addition of Code Dx®, we provide a solution to aggregate, correlate, prioritize, and report against the findings from these solutions.

In summary

You can see why we at Synopsys are so excited to add WhiteHat DAST to our portfolio. WhiteHat DAST enables you to test applications at DevOps speed and enterprise scale, building trust into your entire software portfolio. WhiteHat DAST is production safe, so applications are tested in the same form that hackers approach them. The SaaS delivery and headless operation of WhiteHat DAST enables organizations to readily integrate DAST into their DevOps and application security testing processes. Remediation guidance ensures that prioritized findings can be addressed at the speed that business dictates.

Learn more about WhiteHat DAST

Request a demo


From: https://www.synopsys.com/blogs/software-security/synopsys-acquires-whitehat-security/