Domain Intel: SAST Overview Page
Overview
The SAST Overview page in TRaViS EASM, located under the Domain Intel section, provides a high-level summary of Static Application Security Testing (SAST) findings for a specific domain, in this case, example.com. Accessible via the Domain Intel > CVE Intelligence section in the left navigation menu, this page aggregates vulnerabilities identified in the domain’s code, categorizing them by severity (Low, Medium, High). Designed for Security Operations Center (SOC) teams, this page enables users to quickly assess the overall security posture of the domain’s applications, prioritize remediation efforts, and drill down into specific vulnerabilities for further analysis.
Page Layout
The SAST Overview page is structured to deliver a clear and concise summary of SAST findings, with a straightforward layout. The page includes:
- Header Metrics Panel: Summarizes the total number of vulnerabilities by severity.
- Severity Filters: Allows users to filter vulnerabilities by severity level (Low, Medium, High).
- Vulnerability Table: Lists individual vulnerabilities with details and links for further investigation.
- Navigation and Export Tools: Offers options for data management and reporting.
Key Features and Capabilities
Header Metrics Panel: Vulnerability Summary
The header section provides a snapshot of the total number of vulnerabilities identified, categorized by severity.
- Low Vulnerabilities:
  - Displays the number of low-severity vulnerabilities (e.g., 16 for example.com).
  - Benefit: Highlights minor issues that may not pose immediate threats but should be addressed to improve overall security.
- Medium Vulnerabilities:
  - Shows the number of medium-severity vulnerabilities (e.g., 1 for example.com).
  - Benefit: Identifies issues that pose a moderate risk, requiring attention to prevent potential exploitation.
- High Vulnerabilities:
  - Indicates the number of high-severity vulnerabilities (e.g., 0 for example.com).
  - Benefit: Flags critical issues that need immediate action, though none are present in this case.
User Value: This panel provides a quick overview of the domain’s vulnerability landscape, enabling users to prioritize remediation efforts based on severity.
Severity Filters: Focused Analysis
Below the header metrics, the page includes severity filters to refine the vulnerability list.
- Low Severity Bugs:
  - Filters the table to show only low-severity vulnerabilities.
  - Benefit: Allows users to focus on minor issues for scheduled maintenance.
- Medium Severity Bugs:
  - Filters the table to show only medium-severity vulnerabilities.
  - Benefit: Helps users address moderate risks that could escalate if left unresolved.
- High Severity Bugs:
  - Filters the table to show only high-severity vulnerabilities.
  - Benefit: Ensures users can quickly identify and address critical issues, though none are present here.
User Value: The severity filters enable users to focus on specific vulnerability categories, streamlining the remediation process.
Vulnerability Table: Detailed Findings
The main section of the page features a table listing individual vulnerabilities, providing detailed information for each finding.
- Columns:
  - Vulnerability: Lists the vulnerability identifier (e.g., 87231, 87232).
    - Benefit: Provides a unique reference for tracking and reporting each issue.
  - Domain: Specifies the domain or subdomain where the vulnerability was found (e.g., example.com, appdiscover.example.com).
    - Benefit: Identifies the specific scope of the vulnerability, enabling targeted remediation.
  - Vuln File: Indicates the file or resource containing the vulnerability (e.g., core.js, evergreen.app-1.8.0.js).
    - Benefit: Pinpoints the exact location of the issue within the codebase.
  - Host: Lists the host URL where the vulnerable file is located (in the view described here, the column shows the placeholder text "unique URL(s) Discovered containing possible Vulnerable File").
    - Benefit: Provides a clickable link to the host for further investigation, though only the placeholder text is shown here.
- Data Examples:
  - Vulnerability 87231 on example.com in core.js, with the Host column showing the placeholder text "unique URL(s) Discovered containing possible Vulnerable File".
  - Vulnerability 87232 on appdiscover.example.com in evergreen.app-1.8.0.js, with the same placeholder in the Host column.
  - The listed vulnerabilities are low-severity (16 total), plus one medium-severity vulnerability (87247 on example.com in share.min.js).
  - Benefit: Enables users to identify specific files and hosts affected by vulnerabilities, facilitating targeted remediation.
- Features:
  - Pagination: Supports navigation through multiple pages of vulnerabilities (e.g., Showing 1 to 10 of 16 entries, with Previous/Next buttons).
    - Benefit: Ensures scalability for domains with numerous vulnerabilities.
  - Search Bar: Allows users to search for specific vulnerabilities, domains, or files.
    - Benefit: Enhances usability by enabling quick lookup of specific issues.
  - Clickable Links: The "Host" column likely provides clickable URLs to drill down into detailed findings (though placeholder text is shown).
    - Benefit: Facilitates deeper investigation by linking to specific host details or SAST results.
User Value: The Vulnerability Table provides a detailed list of SAST findings, enabling users to identify, prioritize, and investigate vulnerabilities across the domain’s codebase.
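As an added example (not code from the TRaViS documentation or product), the following Python models the behaviour described above: the per-severity counts of the Header Metrics Panel, the severity filters, the search bar, a remediation order that puts High before Medium before Low, and the "Showing X to Y of Z entries" pagination of the Vulnerability Table. The sample findings are constructed to match the counts on this page (16 Low, 1 Medium, 0 High); the IDs 87231, 87232 and 87247 and their file names come from the page, while the host URLs, the remaining IDs, subdomains and file names are made up for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Severity order used for triage: High is addressed first, Low last.
SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2}


@dataclass(frozen=True)
class Finding:
    """One row of the Vulnerability Table (Vulnerability, Domain, Vuln File, Host)."""
    vuln_id: int
    domain: str
    vuln_file: str
    host: str
    severity: str


# Constructed sample mirroring the counts on the page: 16 Low, 1 Medium, 0 High.
# IDs 87231, 87232, 87247 and their file names come from the page; the host URLs,
# the other IDs, subdomains and file names are hypothetical.
SAMPLE_FINDINGS: List[Finding] = [
    Finding(87231, "example.com", "core.js",
            "https://example.com/js/core.js", "Low"),
    Finding(87232, "appdiscover.example.com", "evergreen.app-1.8.0.js",
            "https://appdiscover.example.com/evergreen.app-1.8.0.js", "Low"),
    Finding(87247, "example.com", "share.min.js",
            "https://example.com/js/share.min.js", "Medium"),
] + [
    Finding(87233 + i, f"app{i}.example.com", f"bundle-{i}.js",
            f"https://app{i}.example.com/bundle-{i}.js", "Low")
    for i in range(14)
]


def severity_counts(findings: List[Finding]) -> Dict[str, int]:
    """Header Metrics Panel: number of findings per severity, zero levels included."""
    counts = {sev: 0 for sev in SEVERITY_RANK}
    for f in findings:
        if f.severity not in counts:
            raise ValueError(f"unknown severity {f.severity!r} on finding {f.vuln_id}")
        counts[f.severity] += 1
    return counts


def filter_by_severity(findings: List[Finding], severity: Optional[str]) -> List[Finding]:
    """Severity Filters: None keeps every row, otherwise keep one severity level only."""
    if severity is None:
        return list(findings)
    return [f for f in findings if f.severity == severity]


def prioritized(findings: List[Finding]) -> List[Finding]:
    """Remediation order: High, then Medium, then Low; by ID within a level."""
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.vuln_id))


def search(findings: List[Finding], term: str) -> List[Finding]:
    """Search Bar: case-insensitive substring match on ID, domain or file name."""
    needle = term.strip().lower()
    if not needle:
        return list(findings)
    return [
        f for f in findings
        if needle in str(f.vuln_id)
        or needle in f.domain.lower()
        or needle in f.vuln_file.lower()
    ]


def paginate(findings: List[Finding], page: int, per_page: int = 10) -> Tuple[List[Finding], str]:
    """Pagination: rows for a 1-based page plus the 'Showing X to Y of Z entries' label."""
    if page < 1 or per_page < 1:
        raise ValueError("page and per_page must be >= 1")
    total = len(findings)
    start = (page - 1) * per_page
    rows = findings[start:start + per_page]
    first = start + 1 if rows else 0   # an empty page reads "Showing 0 to 0 of N entries"
    last = start + len(rows)
    return rows, f"Showing {first} to {last} of {total} entries"


if __name__ == "__main__":
    print(severity_counts(SAMPLE_FINDINGS))      # {'High': 0, 'Medium': 1, 'Low': 16}
    low_only = filter_by_severity(SAMPLE_FINDINGS, "Low")
    rows, label = paginate(low_only, 1)
    print(label)                                 # Showing 1 to 10 of 16 entries
    for f in prioritized(SAMPLE_FINDINGS)[:3]:   # medium finding 87247 comes first
        print(f.severity, f.vuln_id, f.domain, f.vuln_file)
```

Filtering to Low and paging reproduces the "Showing 1 to 10 of 16 entries" label from the page, while `prioritized` surfaces the single Medium finding (87247 in share.min.js) ahead of the sixteen Low ones, which is the order a SOC would work the list in.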
Navigation and Export Tools
The page includes tools for managing and sharing data:
- Search Bar:
  - Located above the Vulnerability Table.
  - Benefit: Allows users to quickly find specific vulnerabilities, domains, or files.
- Pagination:
  - Supports navigation through multiple pages of data (e.g., Previous/Next buttons).
  - Benefit: Ensures scalability for domains with extensive findings.
- Left Navigation Menu:
  - Includes links to other TRaViS features (e.g., Dashboard, CVE Intelligence, Domain Scanner).
  - Benefit: Provides seamless access to additional tools and views within the TRaViS platform, with the Domain Intel section expanded to show the CVE Intelligence page (used for SAST Overview).
User Value: These tools enhance usability by enabling efficient navigation and search within the SAST Overview page.
Benefits for Security Teams
The SAST Overview page for example.com offers several key benefits:
- High-Level Visibility: Summarizes vulnerabilities by severity, providing a quick overview of the domain’s code security posture.
- Prioritized Remediation: Categorizes vulnerabilities into Low, Medium, and High severity, helping users focus on critical issues first.
- Detailed Insights: Lists specific files, domains, and hosts affected by vulnerabilities, enabling targeted remediation.
- Scalability: Supports pagination and search, making it easy to manage large datasets of findings.
- Proactive Security: Enables users to address code-level vulnerabilities before they can be exploited, reducing the domain’s attack surface.
Conclusion
The SAST Overview page in TRaViS EASM, located under Domain Intel, is a powerful tool for summarizing and managing Static Application Security Testing findings for a domain. By providing a clear breakdown of vulnerabilities by severity, detailed file and host information, and efficient navigation tools, it empowers security teams to prioritize and address code-level risks effectively. This documentation will continue to expand as additional pages and features are explored.