Automatic Issue Correlation Now Part of HCL AppScan
There is no silver bullet that can solve the application security challenge. Each of the core technologies (IAST, DAST, and SAST) has strengths and weaknesses.
Auto Issue Correlation allows us to leverage the strengths of each technology, while overcoming weaknesses with the advantages of the others. Furthermore, Auto Issue Correlation enhances your AST capabilities, improves your prioritization process and reduces remediation time and effort.
For example:
- enriches DAST issues with IAST/SAST details.
- prioritizes SAST findings using the accuracy of your IAST/DAST results.
- validates SAST fixes from the status updates of your IAST/DAST issues.
- reduces the number of vulnerabilities and remediation tasks by grouping issues together.
Once Auto Issue Correlation is activated, correlation is updated automatically whenever any relevant IAST, DAST or SAST issues are found. Existing groups are automatically updated with the new issues, and new groups are created as necessary. No user action is needed.
How it Works
HCL AppScan’s Auto Issue Correlation is based on our IAST solution.
IAST has access to the application at runtime (like DAST) and is able to see the source code (like SAST). Our automatic correlation algorithm matches IAST issues with DAST and SAST issues. It extracts data from each issue and then uses a variety of heuristics to identify correlations. This brings optimization of the remediation process to a new level. So, adding IAST and Auto Issue Correlation to your arsenal can reduce the overall number of issues/vulnerabilities to be addressed.
How to Use It
All you need is to have an active IAST session, and to activate Auto Issue Correlation. AppScan on Cloud (ASoC) will then automatically create correlation groups and show them in the “Correlation group” tab under “All Issues”. ASoC will keep updating and creating new groups as new issues are added to the application.
Here are some examples:
Dashboard
When correlation is identified, it’s indicated on the Issues chart in the dashboard of an application.
Correlation groups page
Click on the Correlation link to open the Correlation page for the application, listing the correlation groups it contains.
Issues in a group
Click on a group to see its issues.
Issue details
The issue pane for a specific issue indicates when it belongs to a correlation and/or fix group in the “Related” section:
Once Auto Issue Correlation is activated, correlation is updated automatically whenever any relevant IAST, DAST or SAST issues are found. Existing groups are automatically updated with the new issues, and new groups are created as necessary. No user action is needed.
We all know that code reuse is a best practice in software development. However, this also means that a single weak link can create multiple security vulnerabilities in an app. The diagram below illustrates how a weak sanitizer could cause multiple SQL Injection vulnerabilities. Since REST API 1 has a different route/source to RESP API 2, their vulnerabilities would appear unrelated in scan results.
Correlation aggregates together vulnerabilities that should be remediated as a single task.
Note in the example below, that the correlation group includes issues found by different technologies (IAST and DAST), of different issue types, and with different severities.
Thanks to Auto Issue Correlation, diverse issues, which would not have otherwise been seen as connected, can now be resolved with a single remediation effort.
Visit hcltechsw.com/AppScan to learn more or schedule a demo.
