You may have heard earlier this month that F5 Networks & WhiteHat Security have partnered to provide dynamic web application firewall security via an unprecedented combination of proactive vulnerability identification & dynamic non-intrusive remediation.  The solution uses F5's iControl scripting language to combine the power of WhiteHat's Sentinel service with F5's Application Security Manager. (The DevCentral team recently interviewed WhiteHat Security's Jeremiah Grossman about the partnership -- listen to the podcast here.)

This week, Bank Technology News recognized this partnership's potential for the financial services industry by including WhiteHat Security in their "The FutureNow List" and specifically calling out this new functionality:

No doubt, risk management and compliance have grabbed many headlines of late. The FutureNow List casts a far broader net, recognizing 10 companies that set themselves apart for the security innovations they brought to market in the past year in a number of important categories, and the contribution these products will make to improving security within financial services organizations. These companies and categories are TriGeo (network), Archer Technologies (IT risk management), WhiteHat Security (Web application security), Application Security Inc. (database), Citi Global Transaction Services (authentication), FireEye (enterprise), Fortent (compliance), Perimeter eSecurity (MSSP), MXI Security (endpoint), and TriCipher (authentication).



Claim to Fame: Web site vulnerability testing integrated with Web-application firewall from F5 Networks

CTO Jeremiah Grossman comments in his WhiteHat blog:

...WhiteHat’s new partnership with F5 Networks automatically feeds that list of detected vulnerabilities into F5’s web-application firewall, protecting the site while giving developers some breathing room while they fix the bugs. “I like WAFs because they provide Web security experts one more option to get their job done,” .

“I mean, consider the thousands of issues posted on, or, or in the WhiteHat Sentinel database. Is anyone really under the impression these will get fixed one at a time or anytime soon? And we’re just talking about the XSS. What about the rest?”