June 18, 2008
 The Technical Side of Scanner Integration

Rohit's enthusiastic post regarding scanner integration did not include too many details on the approach chosen by Imperva to integrate scanners within the SecureSphere Web Application Firewall. Let me shed some more light on what we've been doing in the past few months.

To begin with, we did not fancy the paradigm of serving as a copy-paste gateway between a scanner (or a scanner service) and a WAF, nor did we want to miraculously turn random scanner output into WAF rules. Rather, we were interested in integrating the scanner as part of the WAF vulnerability management cycle. The idea is to load the vulnerability information into the Web Application Firewall and have the user manage the vulnerability up to the mitigation stage. Accordingly, we did not want to incorporate a single scanner, but rather to build a framework based on our OpenSphere initiative to accommodate various scanners and scanning services. This would require gathering vulnerability information from different sources, in particular from different Web Application scanners and from Web Application security services.

We faced quite a few challenges when designing this capability...

  • The first was to translate vulnerability reports (file, database, etc.) of different scanners from their native format to a single uniform language. We were fortunate enough to have some of our partners help us in this effort.
  • The next challenge was creating a platform to support a constant update mechanism for new vulnerabilities being discovered by the different sources (namely, the scanners). This is where the "ADC Update", an integral feature of SecureSphere, came in handy as we were able to actually leverage this existing platform.
  • In order to provide the tools for vulnerability management, we combined the information gathered from the external sources into SecureSphere's powerful and flexible built-in reporting engine. This allows the creation of reports with different levels of granularity based on the discovered vulnerabilities.
  • Finally, we have provided an easy integration path to create security policies that would mitigate the vulnerabilities, keeping track of which vulnerabilities are being mitigated by which rules.

One of the more powerful tools which we rely on is SecureSphere's Correlated Attack Validation capability, which allows us to provide effective and accurate mitigation against the discovered vulnerability. All these new and exciting capabilities are seamlessly packaged into the SecureSphere product and delivered to existing customers through the powerful "ADC Update" mechanism.

You can guess by the tone that I'm also excited about this new addition to the SecureSphere set of capabilities as it extends our support for the enterprise security life cycle even further.


- Amichai


This sounds very interesting. I did notice a bunch of Web Service Providers in the link to the OpenSphere initiative. I am curious as to which mainstream/open source app scan engines' vulnerability signatures have been integrated into the current release of SecureSphere.
