If your business is like most, you have plenty of applications and plenty of data flowing through them. Applications are a popular attack vector for this exact reason, but despite its importance, application security remains a largely immature part of many companies’ security programs.
Application security tools are often deployed in isolation, leaving your application security team with insufficient context to determine which vulnerabilities to remediate first. That team has the accountability, but most of the responsibility for remediating vulnerabilities sits with development teams. This is why application security teams require data they can stand by to effectively influence development decisions.
Cisco Vulnerability Management's Application Security module solves these challenges by bringing data from your application security tools into one solution. It provides multi-dimensional views of application security flaws and helps you prioritize those findings based on risk. With the Application Security module, you can thoroughly investigate application security vulnerabilities, make evidence-based remediation decisions, and maximize limited resources.
● Gain comprehensive application security context by bringing application security data from a range of sources into a unified view.
● Focus on what matters most to you and execute a triage workflow for categorizing application security findings.
● Maintain your application security workflows by integrating with application security and workflow tools.
● Maximize the efficiency of your limited resources by prioritizing remediation efforts based on risk.
Preserve your application security workflows
Application vulnerabilities are complex and dynamic in nature, with major interdependencies that can create significant fluctuations in risk at different stages of the application development lifecycle. The Application Security module understands the unique nature of application vulnerabilities and provides application risk scores. For findings that are software security flaws (CWEs), the risk score is the severity passed by the scanner, normalized to a scale of 1 to 100. For findings that are vulnerabilities (CVEs), the risk score is calculated using Cisco Vulnerability Management's risk-based predictive modeling technology. These risk scores give application security teams a far more granular and accurate view of their application risk posture throughout the development lifecycle.
Ingest data from existing tools
The Data Importer is a generic connector that enables easy normalization of non-standard data and provides a way for customers to import custom data sources into the Application Security module within Cisco Vulnerability Management. It can be used to ingest almost any type of data that is available as a JSON file and is particularly valuable to application security teams as it delivers near-universal compatibility with security data sources to provide enhanced context, risk-scoring, and prioritization.
The Application Security module supports multiple triage states, multiple closed states, and the ability to mark a finding or vulnerability as “risk accepted”. Cisco Vulnerability Management's Application Security module also supports the ability to roll up all findings associated with specific CWEs or CVEs so you can focus on the level of detail that matters the most to you.
The Application Security module provides rich contextual data on every finding and vulnerability and enables application security teams to focus on what matters most by displaying critical details regarding findings and vulnerabilities. With the ability to clearly group applications, application security teams can more easily assess, triage, manage, and report application findings and vulnerabilities across their environment.
The Application Security module's API takes a front seat in the product. Due to the importance of interoperability and automation in the application security space, Cisco Vulnerability Management has added full findings support to its RESTful API. Some examples of what can be done with the API are scripts that pull in findings programmatically from a file, push findings to a file, automatically create and update tickets based on a given set of criteria, and more.
The Application Security module is available as an add-on to Cisco Vulnerability Management.
A view of applications and associated risk scores within the Application Security module's applications dashboard.