


How Sentry App Works



The Sentry App emulates a real hacker by launching attacks and monitoring how the application responds. Sentry App scales to assess an application of any size, making the evaluation of the application's security an automated process. This next-generation application scanning solution begins by building a map of the website and collecting important information on its configuration and content. Sentry App scans applications automatically, but in special cases scanning may be done interactively for more in-depth results.

Sentry App is at the forefront of application scanning, utilizing the newest technology and techniques to assess responses from the web server in an emulated browser. This advanced scanning process is driven by a vast and continuously updated library that summarizes best practices and procedures to both test attack resistance and confirm internal security compliance. This results in extremely high accuracy with a very low rate of false positives.

Sentry App prioritizes your vulnerabilities with a quantitative score called HARM™.

Sentry App Harm Score

What exactly is a HARM score? HARM is a quantitative risk metric that automatically scores the vulnerability risks in your web applications. The HARM score helps you to better understand your application's risks, measure progress toward security goals such as protecting your brand or getting compliant with regulations, and also gives you a measurement of your security baseline. For a given application the HARM score is calculated by a series of formulas that determine how vulnerabilities detected by a potential attack are weighted. HARM stands for the Hailstorm Application Risk Metric.

What do you do with a HARM Score? Once you have it, you can deal with the biggest holes in your applications: the ones that are most vulnerable to hackers.

HARM automatically tells you which vulnerabilities are the most important and where they are, allowing you to deal with those vulnerabilities directly. After you've closed the holes in your application, you can re-run the automatic process to get a new HARM score and see how much you've lowered the risks in your application.

A good or bad HARM score? Different applications have different baseline HARM scores. Some highly vulnerable applications exhibit scores greater than 50,000, while an extremely secure web application with few vulnerabilities may score less than 500.

The HARM Score measures exactly what? Your HARM base score sums both your applications' total vulnerability profile and vulnerabilities detected by a particular SmartAttack in each application considering the following four areas:
  • Application
  • Session
  • Browser
  • Environment
A complexity factor is applied to determine the means by which the vulnerability may be exploited. For instance, simple attacks such as those performed in a browser or automated with publicly available tools are considered higher risk. These are in contrast with attacks that require custom coded scripts.

Sentry App's job execution engine automatically discovers applications and performs ongoing assessments using the SmartAttack™ library.


What’s a SmartAttack? SmartAttacks are automated attacks that simulate a hacker trying to compromise or cripple your application. They're called "Smart" because their objective is to find vulnerabilities rather than to compromise your application.

Each SmartAttack checks for a specific kind of application vulnerability using highly advanced and specialized logic, providing unprecedented accuracy and reduction of erroneous results.







© 2008 ControlScan
  Ph: 800-825-3301   (678-534-3262 outside U.S. or Canada)  
