New 'Vantage Prevent' Solution Shifts DAST Left

The Application Security Division of NTT Ltd. has released a new solution designed to make it possible for developers to conduct dynamic application security testing (DAST) at each phase of the software development cycle.

Called Vantage Prevent, the new solution leverages developers' functional and quality assurance tests to identify exploitable security risks in their web apps and APIs, the company says, effectively shifting DAST left. It also allows DevOps engineers to automate security testing in continuous integration and delivery (CI/CD) pipelines within their native environments, and security teams can assess vulnerabilities reported within minutes of discovery before they are deployed into production.

"In bringing Vantage Prevent to market, we realized that the biggest issue that has put so many organizations in a reactive state when it comes to application security is that the industry's traditional solutions are designed specifically for application security teams," said Chris Leffel, chief product officer at NTT Application Security, in a statement. "Vantage Prevent brings DAST to the developer-level and encourages enterprises to embed dynamic application security into the overall quality testing process."

Vantage Prevent is " poised to reignite DevSecOps in modern development" the company says, with such features as:

  • Developer-directed DAST that integrates dynamic scans with functional and quality assurance testing
  • Native API testing with no API specification documents required
  • Language and interface agnostic, with the ability to perform tests against any APIs, single page, and multi-page web applications regardless of language
  • The ability to test incrementally or scan an entire application in local developer environments

Vantage Prevent is the second solution in the company's WhiteHat Vantage Platform portfolio, announced in early December. Billed as a solution that provides modern developers and security teams with end-to-end security coverage of web apps and API testing throughout the software development lifecycle (SDLC), the platform is built on top of a cloud-based SaaS architecture and features a public API designed to integrate seamlessly with teams' existing tools, streamlining workflows and application security.

“The WhiteHat Vantage Platform directly addresses the most important but often overlooked challenges facing security teams," said Craig Hinkley, NTT Application Security CEO, at the time. "Traditional application security solutions cater to application security teams, and therefore lack intelligent context and holistic implementations that benefit developers. Over time, this has put many organizations’ security programs in a reactive state that cannot keep up with the velocity of current development cycles. As one of the industry’s pioneers, we felt that it was upon us to bring about an innovative and forward-thinking approach to application security testing once again, just as we did 20 years ago as WhiteHat Security."

The final phase of The WhiteHat Vantage Platform launch, which the company plans to announce later in Q1 2022, adapts traditional DAST by simulating production-safe attacks against applications to identify exploitable vulnerabilities in pre-and post-production environments, providing security teams with actionable guidance to quickly safeguard against breaches.

About the Author

John K. Waters is the editor in chief of a number of sites, with a focus on high-end development, AI and future tech. He's been writing about cutting-edge technologies and culture of Silicon Valley for more than two decades, and he's written more than a dozen books. He also co-scripted the documentary film Silicon Valley: A 100 Year Renaissance, which aired on PBS.  He can be reached at [email protected].