Context-Aware Security Intelligence of Vulnerability Scanners in Cloud-native Environments

Simon Ammer, Jens Krösche, Markus Gierlinger, Mario Kahlhofer

ADAPTIVE 2022, The Fourteenth International Conference on Adaptive and Self-Adaptive Systems and Applications, 2022

Black-box web vulnerability scanners help identify security vulnerabilities in web applications, but they still produce false alarms because they lack insight into the context of the applications they test. Without supplemental information such as the topology of the underlying application or its runtime, a scanner cannot precisely assess a threat's actual severity, which leads to false positives and makes it hard for security experts to prioritize vulnerabilities. With the increasing popularity of microservices and highly dynamic cloud environments, this prioritization task becomes even more difficult. This paper bridges this gap by enriching web vulnerability scanner reports with context information in order to understand security threats better and reduce false positives. To this end, we developed a rule-based system that is extensible to multiple use cases, and we propose a framework to evaluate the approach's effectiveness using the insecure web applications Unguard and Open Web Application Security Project (OWASP) JuiceShop.
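The following is an added illustration of the idea the abstract describes (a scanner report joined with deployment context and re-prioritized by extensible rules); it is not the authors' system and not code from the paper. The report shape, the topology schema, the three rules and all host names are constructed for this example. The point it shows is that the same "High" alert lands at opposite ends of the scale once the service it was raised against is known, and that each adjustment carries a rationale an analyst can check.

```python
"""Context-aware re-prioritisation of black-box scanner findings.

Constructed example (not the paper's implementation): parse a minimal
scanner report, look up the hit service in a hand-written topology map,
and let a list of rules move the severity up or down with a reason.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Ordered severity scale; rules shift an index on this list.
SEVERITY = ["info", "low", "medium", "high", "critical"]


@dataclass
class Finding:
    alert: str                      # scanner alert name
    host: str                       # service the request was sent to
    severity: str                   # scanner's own rating, lower-cased
    rationale: List[str] = field(default_factory=list)


@dataclass
class ServiceContext:
    """Deployment facts a black-box scanner cannot see (assumed schema)."""
    internet_exposed: bool
    runtime: str                    # e.g. "node", "go", "java"
    has_database: bool
    handles_pii: bool = False


# A rule inspects one finding plus its service context and returns
# (severity delta, explanation) or None when it does not apply.
Rule = Callable[[Finding, ServiceContext], Optional[Tuple[int, str]]]


def rule_sqli_without_database(f: Finding, ctx: ServiceContext):
    # An SQL injection alert against a service with no database dependency
    # is almost always a scanner false positive: drop it to the floor.
    if "sql" in f.alert.lower() and not ctx.has_database:
        return (-3, "service has no database dependency; likely false positive")
    return None


def rule_internal_only(f: Finding, ctx: ServiceContext):
    if not ctx.internet_exposed:
        return (-1, "service is not reachable from the internet")
    return None


def rule_handles_pii(f: Finding, ctx: ServiceContext):
    if ctx.handles_pii:
        return (+1, "service processes personal data")
    return None


# Extension point: append further rules here (or pass a custom list).
DEFAULT_RULES: List[Rule] = [rule_sqli_without_database, rule_internal_only, rule_handles_pii]


def parse_report(report: dict) -> List[Finding]:
    """Flatten a site -> alerts -> instances report (constructed shape)."""
    findings = []
    for site in report["site"]:
        for alert in site["alerts"]:
            instances = alert.get("instances") or []
            uri = instances[0]["uri"] if instances else "http://" + site["@host"]
            host = urlparse(uri).hostname or site["@host"]
            sev = alert["riskdesc"].split()[0].lower()
            sev = {"informational": "info"}.get(sev, sev)
            findings.append(Finding(alert=alert["alert"], host=host, severity=sev))
    return findings


def enrich(findings: List[Finding], topology: Dict[str, ServiceContext],
           rules: List[Rule] = DEFAULT_RULES) -> List[Finding]:
    """Apply every rule to every finding; severity is clamped to the scale."""
    for f in findings:
        ctx = topology.get(f.host)
        if ctx is None:
            f.rationale.append("no context for host; severity unchanged")
            continue
        level = SEVERITY.index(f.severity)
        for rule in rules:
            hit = rule(f, ctx)
            if hit is not None:
                delta, why = hit
                level += delta
                f.rationale.append(why)
        f.severity = SEVERITY[max(0, min(len(SEVERITY) - 1, level))]
    return findings


# Constructed sample report: two "High" alerts from a scanner plus one on a
# host the topology map knows nothing about.
SAMPLE_REPORT = {"site": [
    {"@host": "frontend.example.internal", "alerts": [
        {"alert": "Cross Site Scripting (Reflected)", "riskdesc": "High (Medium)",
         "instances": [{"uri": "http://frontend.example.internal/search?q=x"}]}]},
    {"@host": "status.example.internal", "alerts": [
        {"alert": "SQL Injection", "riskdesc": "High (Medium)",
         "instances": [{"uri": "http://status.example.internal/ping?id=1"}]}]},
    {"@host": "legacy.example.internal", "alerts": [
        {"alert": "Missing Anti-clickjacking Header", "riskdesc": "Medium (Medium)",
         "instances": []}]},
]}

# Constructed topology: what the cluster knows about each service.
TOPOLOGY = {
    "frontend.example.internal": ServiceContext(True, "node", has_database=False, handles_pii=True),
    "status.example.internal": ServiceContext(False, "go", has_database=False),
}


if __name__ == "__main__":
    for f in enrich(parse_report(SAMPLE_REPORT), TOPOLOGY):
        print(f"{f.severity:8} {f.alert} @ {f.host}: {'; '.join(f.rationale)}")
```

Rules are plain functions, so a team can add a check for a new signal (say, a language-specific alert raised against a service written in another runtime) without touching the parser or the scoring loop, which is the extensibility the abstract claims for its rule-based design.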