The AppSec How-to: Visualizing and Effectively Remediating Your Vulnerabilities

The biggest challenge with Source Code Analysis (SCA) tools is prioritizing and fixing the large number of findings they produce. Developers are quickly overwhelmed when security reports present each result independently of the others. Take WebGoat, OWASP's deliberately insecure web application used as a test bed for security training: it has more than 100 Cross-Site Scripting (XSS) flaws. Assuming that each vulnerability takes 30 minutes to fix and another 30 minutes to validate, that is nearly three weeks of work. Such a turnaround is too long and too costly, and it is impractical for large projects with many KLOCs or for environments with short development cycles such as Agile/DevOps. With that many vulnerabilities, it should come as no surprise that vulnerable, unfixed code is often released. In this article, we show how visual insight into each vulnerability, from its origin to its impact, helps developers picture the security state of their code, see the effect of fixing a vulnerability at different locations along its flow, and automatically narrow results from extra-large code bases down to manageable numbers.
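To make the idea concrete, here is a small illustration (added here, not code from the Checkmarx article) of how the origin-to-impact flow traces an SCA tool records can be used to rank fix locations: a greedy set cover over the flow graph picks the node that closes the most open findings, so a handful of changes can cover many reported flaws. The traces and method names are constructed placeholders, not real WebGoat output.

```python
"""Ranking fix locations across SCA data-flow traces (added example)."""
from collections import Counter

# Constructed sample traces, not real tool output. Each trace lists the
# method nodes a finding flows through, from taint source (user input) to
# sink (HTML output). The method names are hypothetical placeholders.
SAMPLE_TRACES = [
    ["getParameter", "getInput", "makeRow", "write"],
    ["getParameter", "getInput", "makeTable", "write"],
    ["getParameter", "getInput", "makeList", "print"],
    ["getHeader", "parseHeader", "makeRow", "write"],
    ["getCookie", "readCookie", "makeRow", "write"],
]


def findings_through(traces, node):
    """Indices of the findings whose flow passes through `node`, i.e. the
    findings that sanitizing or encoding at that location would close."""
    return {i for i, trace in enumerate(traces) if node in trace}


def best_fix_points(traces):
    """Greedy set cover over the flow graph: repeatedly pick the node that
    closes the most still-open findings. Returns [(node, newly_closed), ...],
    which shows how few code changes are needed to cover every finding."""
    open_findings = set(range(len(traces)))
    plan = []
    while open_findings:
        # Count each node once per open finding, even if a trace revisits it.
        counts = Counter(node for i in open_findings for node in set(traces[i]))
        # Highest count wins; ties break alphabetically for determinism.
        node, _ = min(counts.items(), key=lambda kv: (-kv[1], kv[0]))
        closed = findings_through(traces, node) & open_findings
        plan.append((node, len(closed)))
        open_findings -= closed
    return plan


def effort_hours(findings, fix_minutes=30, validate_minutes=30):
    """Turnaround estimate using the article's 30 min fix + 30 min validate."""
    return findings * (fix_minutes + validate_minutes) / 60


if __name__ == "__main__":
    plan = best_fix_points(SAMPLE_TRACES)
    print("fix plan:", plan)
    print("effort fixing every finding (h):", effort_hours(len(SAMPLE_TRACES)))
    print("effort fixing at chosen points (h):", effort_hours(len(plan)))
```

On the sample, output encoding at the shared `write` sink closes four of the five findings and one more change at `getInput` closes the last, so two fixes replace five.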
