This financial services firm’s partnership with Synopsys helped achieve effective and long-term risk and cost reduction. By protecting business-critical applications, WhiteHat™ Dynamic empowers this organization to secure its digital future.
This financial organization is one of the largest online brokers in the U.S., so application security is a top priority. It needed to improve the security of its business-critical applications and identify vulnerabilities, such as those that would provide the ability to access other users’ account information, access other users’ message attachments, access admin functionality without admin-level access, and access authenticated functionality without a valid authenticated session. It also needed faster and more accurate remediation to ensure security assurance and risk compliance.
The organization chose WhiteHat Dynamic from Synopsys and have been using it for more than eight years to continuously analyze its most critical applications. Automation, easy integrations, accuracy of findings, and on-demand security testing expertise have helped mitigate issues in production. In addition, in-depth manual penetration testing of the application layer has been highly effective in finding complex business logic vulnerabilities that cannot be discovered by scanners alone.
WhiteHat Dynamic
Application-level protection provides us with an invaluable layer of security for our platform and our customer data. WhiteHat Dynamic is extremely beneficial to us in reducing security vulnerabilities and risks."
Application Security Lead
|Financial Services Company
WhiteHat Dynamic provides industry-proven web application security for modern and traditional websites, web applications, and frameworks.
WhiteHat Dynamic enables the development team to assess applications in preproduction and production environments, so they can view vulnerabilities in a larger, more accurate context. Comprehensive and continuous scans find runtime vulnerabilities that are tough to spot through source code analysis alone. And Synopsys security experts serve as an extension of the development and security teams by verifying results and eliminating false positives—over 9,500 since 2015.
WhiteHat Dynamic—it’s simple, it works. WhiteHat gets me useful information that I can transact on."
Application Security Lead
|Financial Services Company
Business logic assessments (BLAs) are manual assessments performed by security engineers to look for application vulnerabilities that cannot be effectively found in an automated fashion. For development and security teams, BLAs complement the automated testing of WhiteHat Dynamic and help ensure regulatory compliance. These vulnerabilities include cross-site scripting, fingerprinting, content spoofing, cross-site request forgery, URL redirector abuse, brute force, and more.
More than 22% of the total vulnerabilities found were detected through the BLAs. Around 80% of the vulnerabilities found through BLAs had Critical to Medium rating.
Collaborating closely with Synopsys threat intelligence experts, the organization’s security team is able to identify real-time threats faster and share their findings with others in the organization.
Synopsys security experts have been highly responsive and provide us with high-quality subject matter expertise that helps us remediate and mitigate vulnerabilities accurately and efficiently."
Application Security Lead
|Financial Services Company
Integration with issue-tracking systems such as Jira enables the development team to deliver secure applications at the speed of development. As vulnerabilities are discovered in WhiteHat Dynamic, they are pulled into Jira to help ensure faster remediation. As vulnerabilities are retested, the integration allows developers to use WhiteHat’s Ask A Question feature directly from the issue in Jira.
The WhiteHat Dynamic dashboard and reports provide critical insights to the security team, enabling them to better understand security risks, prioritize remediation for critical vulnerabilities, and evaluate the results of the application security program. An overview of status, risks, and trends empowers managers, improves decision-making, and ensures that high-priority vulnerabilities are remediated. And expanded visibility across the entire application security program enables the security team to better manage risks and reduce exposure to data breaches.
Synopsys customer service has been outstanding, and support staff is extremely helpful to quickly schedule and escalate business logic assessments as needed."
Application Security Lead
|Financial Services Company
The Synopsys support team helps align people, processes, and technology to achieve operational readiness. Working closely with the security and development teams in managing support services, vulnerabilities review, and more has ensured rapid problem resolution.
Company overview
This financial services company—one of the largest financial firms in the U.S.—needed to
It chose Synopsys WhiteHat Dynamic to
See why DAST remains a primary pillar in a holistic AppSec program
Top 10 Most Common Web and Software Application Vulnerabilities
Preview the report