Study on the Usage & Efficacy of Novel Deep Learning Techniques to Automate Security Alert Dismissal Review Process in Application Security
Abstract
The majority of the security issues that organizations face today, such as security breaches, data exfiltration, hacktivist campaigns and DoS, are a direct result of exploitable vulnerabilities in application source code, hosted environments, libraries and exposed secrets. There is therefore an inherent need to understand this space and design solutions that prevent such exploits from occurring in the first place, assisting software engineers and application security experts alike. Automation is an important piece of this, as it can provide early detection and thereby remediation of these problems.
Modern DevSecOps practice in the application security space promotes flaw detection across applications using a standard combination of tools such as SAST, DAST/IAST, SCA and secret scanning. Depending on their configuration, these tools in combination can provide a robust application security framework that prevents vulnerabilities from creeping into applications by raising alerts through scanning and detection. These alerts can be categorized by severity based on CWE/CVE scores and rated as ‘critical’, ‘high’, ‘moderate’, ‘low’ and ‘informational’. However, the tools are only as effective as the processing of their output. Governance is the mechanism through which policies are enforced on the output produced by these tools. Based on risk appetite and the quality of tooling results, the policies are usually not applied to every alert that is created. Policies compel developers to mitigate severe ‘critical’ alerts, while other categories such as ‘high’ alerts are left ignored or closed without due diligence. Given the volume of alerts produced, coupled with false positives, it is hard for SSDLC analysts or developers to go through all relevant alerts. This creates a risk, however, as some of the improperly closed alerts may contain flaws that can be exploited, causing financial or reputational loss, especially for fintech organizations.
Recently there has been significant improvement in the ML/deep learning space through the use of feedback mechanisms. This paper studies whether deep learning techniques such as graph neural networks (GNNs) can be leveraged to plug the gap in the appsec tool alert remediation space, provide a way to automate the process of mitigating improper closure of alerts, and enable appsec engineers to train such a model based on feedback using a JSON dataset; it then proposes a framework to implement this.
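As an added illustration, not code from the paper, the governance gap described in the abstract and the JSON feedback dataset the proposal mentions can be made concrete: the script below audits a constructed JSON export of dismissed alerts for closures of ‘high’ or ‘critical’ alerts that lack due-diligence evidence, and turns the result into labelled records of the kind an appsec engineer could correct and feed back to a model. The record fields, severity ranks, dismissal-reason taxonomy and sample alerts are all assumptions for this example.

```python
import json

# Severity scale as named in the abstract; numeric ranks are an assumption for ordering.
SEVERITY_RANK = {"informational": 0, "low": 1, "moderate": 2, "high": 3, "critical": 4}
# Dismissal reasons treated as legitimate when backed by evidence (assumed taxonomy).
VALID_REASONS = {"false_positive", "not_exploitable", "fixed", "accepted_risk"}
# Constructed sample export; the record shape is an assumption, not a real tool's format.
SAMPLE_ALERTS_JSON = """[
 {"id": "A1", "tool": "SAST", "cwe": "CWE-89", "severity": "critical", "status": "closed",
  "dismissal_reason": "false_positive", "evidence": "query is parameterized", "reviewer": "appsec"},
 {"id": "A2", "tool": "SCA", "cwe": "CWE-1104", "severity": "high", "status": "closed",
  "dismissal_reason": "wont_fix", "evidence": "", "reviewer": ""},
 {"id": "A3", "tool": "secret_scanning", "cwe": "CWE-798", "severity": "high", "status": "closed",
  "dismissal_reason": "false_positive", "evidence": "", "reviewer": "dev"},
 {"id": "A4", "tool": "DAST", "cwe": "CWE-79", "severity": "low", "status": "closed",
  "dismissal_reason": "accepted_risk", "evidence": "", "reviewer": ""},
 {"id": "A5", "tool": "SAST", "cwe": "CWE-22", "severity": "high", "status": "open",
  "dismissal_reason": null, "evidence": "", "reviewer": ""}
]"""


def load_alerts(raw=SAMPLE_ALERTS_JSON):
    return json.loads(raw)


def audit_dismissals(alerts, min_severity="high"):
    """Return (alert_id, reasons) for closed alerts at or above min_severity
    whose closure shows no evidence of due diligence."""
    threshold = SEVERITY_RANK[min_severity]
    findings = []
    for a in alerts:
        if a.get("status") != "closed" or SEVERITY_RANK.get(a.get("severity"), 0) < threshold:
            continue
        reasons = []
        if a.get("dismissal_reason") not in VALID_REASONS:
            reasons.append("unrecognized dismissal reason")
        if not (a.get("evidence") or "").strip():
            reasons.append("no evidence recorded")
        if a.get("reviewer") != "appsec":
            reasons.append("no independent appsec review")
        if reasons:
            findings.append((a["id"], reasons))
    return findings


def to_feedback_records(alerts, findings):
    """Label each closed alert 1 (needs re-review) or 0: the supervision signal
    an appsec engineer could correct and feed back to a model."""
    flagged = {alert_id for alert_id, _ in findings}
    return [{"id": a["id"], "tool": a["tool"], "cwe": a["cwe"], "severity": a["severity"],
             "label": int(a["id"] in flagged)} for a in alerts if a.get("status") == "closed"]
```

Running `audit_dismissals(load_alerts())` flags A2 and A3 while leaving the properly reviewed critical alert A1, the low-severity A4 and the still-open A5 alone, which is the review backlog a policy that only enforces ‘critical’ alerts would otherwise miss.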