start portlet menu bar

HCLSoftware: Fueling the Digital+ Economy

Display portlet menu
end portlet menu bar
Close
Select Page

Web applications face an increasing number of security threats every day. Fortunately, application security testing platforms like HCL AppScan are constantly evolving to recognize new vulnerabilities. But with DevOps teams releasing code at faster and faster rates, the time it takes to remediate issues can become a critical pain point. Prioritizing which problems to fix is becoming increasingly important in the face of sometimes overwhelming test results.

HCL AppScan is making that process easier and more efficient using an Auto Issue Correlation algorithm leveraging its IAST solution (Interactive Application Security Testing) available in both its AppScan Enterprise and AppScan on Cloud offerings. These security solutions also include DAST (Dynamic Application Security Testing), SAST (Static Application Security Testing) tools and Auto Issue Correlation makes full use of all of them.

Each testing engine has different strengths and weaknesses, but Automatic Issue Correlation pulls from the strengths when viewing all the data together. For instance, whereas DAST delivers very accurate results, it cannot see the code and provide the level of detail that you get from SAST and IAST scans. But with correlation, you can use your SAST and IAST scans to confirm and enrich the findings of your DAST results.

Likewise, SAST can produce an overwhelming number of findings making it hard to know what to prioritize for remediation. But the accuracy of IAST and DAST scans, when overlayed on top of the SAST results produces a subset of clearly critical issues that are now easier to remediate all at once.

Additionally, SAST fixes cannot be validated since the developers are “inside the box” and only looking at the code unlike DAST and IAST. If an issue can be confirmed as resolved with correlation from these additional engines in the form of status updates, users gain fix validation in addition to the complete coverage and short scan times inherent in SAST.

risk rating

Sample AppScan dashboard showing scans, issues found, and correlations.

Auto Issue Correlation extracts data from each IAST, DAST and SAST issue and then uses a variety of heuristics to identify correlations. This effectively reduces the overall number of vulnerabilities and remediation tasks by grouping issues together where they can be addressed quickly and completely. If a related issue was found by all three testing engines—IAST, DAST and SAST—it moves to the top of the list for remediation. Next in line are issues correlated from IAST and DAST or IAST and SAST. After that priority moves to issues found by IAST or DAST. And once all these fixes have been made, developers can move on to any remaining issues found exclusively by SAST.

IAST with Auto Issue Correlation delivers a more efficient and organized approach to fixing security issues, giving both developers and security teams greater confidence in the outgoing product, no matter how fast the updates keep coming.

Visit hcltechsw.com/AppScan to learn more or schedule a demo.

 

Comment wrap

Start a Conversation with Us

We’re here to help you find the right solutions and support you in achieving your business goals.

  |  December 23, 2024
Transforming Application Security Testing with Developer-Centric DAST
Empower developers to find and fix vulnerabilities early with developer-centric DAST. Learn how this approach can improve your application security testing.
  |  November 27, 2024
The Hidden Cost of Security Fixes for Software Developers
Developers spend up to 19% of their time on security tasks, costing companies $28K per developer annually. Learn how to reduce this burden and improve your application security posture with HCL AppScan.
  |  October 28, 2024
DAST and SCA Capabilities: Latest Updates in HCL AppScan on Cloud
Discover the latest DAST, SCA, and integration updates in HCL AppScan on Cloud, enhancing application security and streamlining development workflows.