Abstract

This research builds on the conceptual idea of consolidating all application security vulnerability data from monitoring, detection, and discovery tools into a physical system that allows observation of, and response to, a threatening event to converge. Multiple application security testing and monitoring tools are deployed at different layers of an application architecture, and each captures the activities that occur at its layer. This multi-layer data capture is disconnected, with no analysis of data lineage from the externally exposed web attack surface down into the application and data layers. Only through this data consolidation can one provide a reliable statistical analysis that correlates information on multiple vulnerabilities, synthesizes an attack pattern, and accurately predicts possible events. This paper discusses the benefits of such a system, including how one can organize the data, identify temporal and spatial correlation of events, focus on specific web requests that point to a specific vulnerability, and formulate a fast response to such events. The advantages of integrating with Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR/XSOAR), and Extended Detection and Response (XDR) are briefly discussed. The analysis can be further used to develop a predictive system that applies deep learning (DL) techniques to the correlation of application security vulnerability information.
