SOURCE: WhiteHat Security

WhiteHat Security

November 15, 2011 11:00 ET

WhiteHat Security Adds Common Vulnerability Scoring System to Sentinel Website Security Product

Latest WhiteHat Sentinel Release Provides Additional Guidance to Prioritize Website Vulnerability Remediation and Better Manage Data Breach Risk

SANTA CLARA, CA--(Marketwire - Nov 15, 2011) - WhiteHat Security, the Web security company, today announced it has added the Common Vulnerability Scoring System (CVSS) to WhiteHat Sentinel, its industry leading SaaS web security service. This release brings CVSS, the industry's standardized security vulnerability scoring system, to the WhiteHat Sentinel Software-as-a-Service website vulnerability management platform. Users now have the option to view CVSS scores in addition to WhiteHat Sentinel's current Findings scoring system to judge severity and prioritize website vulnerabilities for remediation.

Supported by the National Institute of Standards and Technology and the National Vulnerability Database, CVSS is an independent vulnerability measurement used by many IT professionals in a variety of industries to gauge security risks. Scores are based on three components: base metrics, temporal metrics and environmental metrics. The base metric component is available in WhiteHat Sentinel and includes the following criteria for determining the severity of a vulnerability:

  • Access Vector - What access is needed to exploit the vulnerability?
  • Access Complexity - How difficult is it to perform the exploit?
  • Authentication - How many times does a user need to authenticate to get to the exploit?
  • Confidentiality Impact - What information is being leaked upon successful exploit?
  • Integrity Impact - What damage can the attacker do to the site's integrity?
  • Availability Impact - Effect on the availability of the system. Will a successful exploit result in reduced performance of a resource or take it down completely?

"By offering CVSS scores, WhiteHat Sentinel provides its customers access to an industry standard vulnerability scoring system within Sentinel, which can help them better understand the risks imposed by website vulnerabilities and manage the remediation process more effectively," said Ravi Iyer, vice president of product management, WhiteHat Security. "By combining this industry standard with WhiteHat's own Findings scoring system in Sentinel, we are able to help companies prioritize website security, whether they have ten websites or ten thousand."

Now a part of user preferences, CVSS scores of individual vulnerabilities can be displayed on the Executive Summary, Site Summary or the Findings pages within Sentinel. They are also available in the Vulnerability Detail, Attack Vector and PCI Reports (web and PDF versions). For more information on CVSS visit the National Vulnerability Database.

About WhiteHat Security, Inc.
Headquartered in Santa Clara, California, WhiteHat Security is the leading provider of website risk management solutions that protect critical data, ensure compliance and narrow the window of risk. WhiteHat Sentinel, the company's flagship product family, is the most accurate, complete and cost-effective website vulnerability management solution available. It delivers the visibility, flexibility, and control that organizations need to prevent Web attacks. Furthermore, WhiteHat Sentinel enables automated mitigation of website vulnerabilities via integration with Web application firewalls. To learn more about WhiteHat Security, please visit our website at

Contact Information