Proactive Risk Mitigation

 

Threat Stack Application Security (AppSec) Monitoring proactively detects risk factors for attacks in your application’s code base. Once you add Threat Stack AppSec to your application, it scans your code at build time for potential risk factors. These risk factors include, but are not limited to, vulnerable third-party code libraries, improper use of cryptography, and unoptimized framework configurations. Results display on your selected microagent’s timeline and include suggested remediation steps.

Access Microagent Timeline

If Threat Stack AppSec finds any risk factors, the results display on the Agent Timeline in the Application Risk pane.

  1. In the left navigation bar, select the Applications tab. In the right view pane, the Projects screen displays and lists all projects available to you.
  2. In the row for the project whose microagents you want to display, click the Agents button. In the right view pane, the Agents screen displays and lists all microagents available to you.
  3. In the row for the microagent for which you want to see risks, click the microagent name. The Agent Overview screen displays.


    AgentOverviewScreen.png

    Any risks Threat Stack AppSec finds in your application display in the Application Risk pane.

    AppRiskPane.png

Review and Remediate Risks to Your Application

The Application Risk pane displays all risk factors Threat Stack AppSec found in your application. Each risk factor displays in its own row. From the Application Risk pane, you can assess which risk factors need immediate remediation and which need further assessment. You can also view detailed information about a particular risk factor, including remediations.

The following diagram explains the information displayed in the Application Risk pane.

AppRiskPaneExplained.png

  1. Click the collapse / expand button to hide / show the Application Risk pane.
  2. The level of risk to your application posed by the risk factor. Threat Stack AppSec categorizes results in descending risk order, from high to low.
  3. The title of the risk factor.
  4. Click the Information button to display the Information dialog. The Information dialog contains a detailed description of the risk, actions you can take to remediate the risk in your code base, and references for additional self-education on the risk factor.


    Remediation.png

  5. Click the Risk Instances button to open the details dialog. The details dialog lists all occurrences of the risk factor in your application and their specific location(s).


    RiskDetails.png

Dismiss Remediated Risk Factors

Once you remediate a risk factor, you can dismiss it from Threat Stack AppSec. If the remediation is successful, then the risk does not reappear the next time the application builds.

  1. In the left navigation bar, select the Applications tab. In the right view pane, the Projects screen displays and lists all projects available to you.
  2. In the row for the project whose microagents you want to display, click the Agents button. In the right view pane, the Agents screen displays and lists all microagents available to you.
  3. In the row for the microagent for which you want to see risks, click the microagent name. The Agent Overview screen displays.


    AgentOverviewScreen.png

  4. In the risk factor row you remediated, click the Risk Instances button. The details dialog displays.


    DismissOptions.png

  5. Do one of the following:
    • If you remediated the risk in all listed locations, then in the Dismiss field, click the all link.
    • If you remediated the risk in multiple, but not all, listed locations, then select the check box(es) next to the location(s) of the risk factor you remediated and, in the Dismiss field, click the selected link.

    The details dialog displays the remaining number of instances of the risk factor in your application.

    RemainRiskFactors.png

  6. Click the Close button. You return to the Agent Overview screen.