Great security engineers and researchers are about as rare as unicorns. While the need for information security expertise just keeps growing, there just aren’t experts to meet the demand.

Against this backdrop, NTT | Application Security has built one of the largest and skilled teams of security experts anywhere on the planet. These experts comprise our Service Delivery, and they are an integral component of the Sentinel product family.

How The Service Delivery Works

Sentinel Dynamic + Service Delivery

The Sentinel Scanner powers Sentinel Dynamic and is designed for augmentation by expert configuration, intervention, and verification by an expert at the Service Delivery. Sentinel Scanner spiders a web application and performs cutting-edge tests. We use benchmarking tools like WAVSEP and Google Firing Range, as well as internal analysis to ensure our scanner can find every possible vulnerability.





Our testing takes a number of actions and discovers vulnerable behavior rather than specific known issues. These tests are augmented and updated on a daily basis by members of the Service Delivery to detect new attacks when discovered.



The Sentinel Scanner is easy to set up with ongoing configuration by a Service Delivery engineer. This configuration includes monitoring, tuning, and customization of scans to ensure Sentinel properly tests all forms and provides thorough coverage.



Our team of experts provides ongoing verification of all vulnerabilities found by the Sentinel Scanner. The Service Delivery engineer confirms the vulnerabilities, adjusts the scores, provides solutions, and adds descriptions of the vulnerabilities and remediation advice where applicable.

Sentinel Source + Service Delivery

A VM appliance drives the Sentinel Source engine. It retrieves application code from a repository and uses the scanning engine to assess the code for vulnerabilities. The scanning engine compiles the source code to an abstract syntax tree to aid in finding data flow vulnerabilities.


Why the Service Delivery

Automated Scanners are great at scanning and reporting on vulnerabilities in applications at any stage of their lifecycle, but they cannot detect business logic flaws in applications because they cannot be programmed to understand the context. This is true of any application security solution on the market.

Relying on technology alone means forcing your development and security teams to parse through an overwhelming number of non-prioritized vulnerabilities – most of which are false positives – delaying the time it takes to fix the right vulnerabilities. Fortunately for Sentinel users, the security experts in the Service Delivery verify all vulnerabilities first, delivering near zero false positives.

Human intelligence makes the difference between just right and too much … between relevant to your business and ad hoc … and between fixing vulnerabilities now or weeks from now. Combining technology and the talents in our Service Delivery, NTT Application Security is able to deliver the world’s most accurate solutions for application security.