WhiteHat Security Approved as a MasterCard Site Data Protection Scanning Vendor17 May 2006
WhiteHat Security, a leading provider of web application security services, announced today that it has successfully completed the MasterCard Site Data Protection (SDP) scanning vendor testing process. As an SDP approved scanning vendor, WhiteHat is allowed to help merchants evaluate the security of their Web sites, and achieve compliance with the Payment Card Industry (PCI) Data Security Standard.
WhiteHat Security has achieved approved status by proving its ability to detect, identify and report vulnerabilities common to flawed web site architectures and configurations. These vulnerabilities, if not patched in actual merchant Web sites, could potentially lead to an unauthorized intrusion. By proactively identifying and providing the opportunity to remedy such vulnerabilities, SDP-approved scanning solutions offer a means for reducing risk of intrusion and data compromise.
"WhiteHat is pleased to join the SDP program and to offer merchants a cost-effective, one-stop solution that meets PCI compliance standards," said Stephanie Fohn, WhiteHat chief executive officer. "The combination of WhiteHat's industry-leading web application assessment technology with network vulnerability assessment provides merchants with comprehensive vulnerability coverage."
The SDP Scanning Vendor Approval Process is a core component of MasterCard's Site Data Protection Program(TM), a comprehensive, proactive and cost-effective program designed to help protect the online and physical infrastructures of its customer financial institutions, merchants and other payment processors holding MasterCard account information.
"The Site Data Protection Vendor Approval Process reflects our ongoing commitment to helping our customers and merchants evaluate and improve the security of their web sites and physical sites in a timely and affordable manner. The end result we are striving for -- improved overall channel security -- is a win-win for all parties involved," said Stephen Orfei, senior vice president and head of the MasterCard e-Commerce Center of Excellence.
The Scanning Vendor Approval Program requires a two-step process. The first step is to complete an online application form, which can be found at the SDP Web site. The application provides MasterCard with an overview of the applying organization, along with a detailed assertion by the security vendor that their solution is compliant with or exceeds the requirements set forth in the PCI Data Security Standard. After applying for vendor approval testing, the second step is for vendors to submit their solutions to a rigorous evaluation cycle that spans across a wide range of Web servers, firewalls, and operating systems -- an environment controlled and managed by MasterCard.
WhiteHat Security PCI Solutions: Comprehensive and Cost-Effective
WhiteHat's PCI Compliance solutions meet the existing PCI standard by identifying network vulnerabilities and all 24 classes of web application vulnerabilities as identified by the Web Application Security Consortium (WASC). WhiteHat gives merchants, and their customers, the confidence that WhiteHat-evaluated websites have received a comprehensive vulnerability assessment.
WhiteHat Security Platinum PCI Compliance Package
For companies with applications and networks that change frequently, the Platinum package provides the security of continuous coverage, plus PCI compliance, for an affordable annual fee.
The Platinum PCI Compliance Package includes:
* On-demand network scans and WhiteHat Sentinel continuous custom web
application assessment.
* 24x7 access to web reporting interface for real-time vulnerability
status
* Coverage of the Web Application Security Consortium 24 classes of web
application vulnerabilities
* Comprehensive PCI Reports
WhiteHat Security Quarterly PCI Compliance Package
For companies that only need quarterly assessments to meet the requirement, WhiteHat offers a PCI package that provides comprehensive quarterly scans at a competitive price.
The Quarterly PCI Compliance Package includes:
* Quarterly scans of network and custom web applications
* Two re-scans per quarter to confirm remediation
* Coverage of the Web Application Security Consortium 24 classes of web
application vulnerabilities
* Comprehensive PCI Reports
Pricing and Availability
WhiteHat PCI Compliance services are currently available. Pricing is based on the customer's total number of IP addresses and web applications. Volume discounts apply. Contact the WhiteHat sales office at (408) 492-1817 for more information.
About MasterCard SDP
The MasterCard Site Data Protection Program is a proactive, cost- effective, global solution offered by MasterCard through its acquiring members. The program provides acquiring customers with the ability to deploy security compliance programs, assisting online merchants and Member Service Providers to better protect against hacker intrusions and account data compromises. The program takes a proactive approach to security by identifying common possible vulnerabilities in a merchant web site and makes recommendations for short-and long-term security improvements. The solution addresses the security issues that online merchants and their acquiring banks face in the virtual world, and concerns arising from these issues, such as Internet fraud, chargebacks, brand image damage, consumer information safety and privacy and the cost of replacing stolen account numbers.
About WhiteHat Security, Inc.
Headquartered in Santa Clara, California, WhiteHat Security is a leading provider of web application security services. WhiteHat develops comprehensive, easy-to-use, cost-effective solutions that enable companies to secure valuable customer data, meet federal compliance standards and maintain customer confidence. WhiteHat Sentinel, the company's flagship service, provides continuous vulnerability assessment and management for web applications. For more information about WhiteHat Security, please visit our website, http://www.whitehatsec.com.
Source: prnewswire
All trademarks and copyrighted information contained herein are the property of their respective owners.
The Shield Pro 2006
Related Articles
|
