Application Security

The Application Security domain helps you manage the security of the applications you build in-house by providing assurance and measurement of AppSec controls.

Panaseer improves AppSec decision-making with near-real-time security metrics and insight into application ownership. This improves accountability for security across the wider business and helps make security a priority during app development. Panaseer helps you understand the effectiveness of your AppSec program and enables you to create reports and configurable dashboards aligned to security frameworks and standards.

Benefits

  • Improve visibility and accountability by associating an application's security posture with its business owner.
  • Prioritize remediation of application security flaws based on business risk.
  • Identify the types of flaws occurring most commonly across the organization, allowing you to prioritize in-house developer training and address root causes.
  • Combine different types of application scanning data and approaches (such as penetration testing, DAST and SAST), helping to address common flaws across your processes.

Spotlight metric

Vulnerabilities on in-house applications

Identify which business areas need more support to resolve critical/high application security issues with a color-coded view of issue hot spots.

This metric assesses the number of vulnerabilities on applications built in-house. It provides vulnerability counts color-coded based on thresholds you've set (less than 200 is exceeding, less than 400 is passing, and over 400 is failing). Data is split by business unit to help drive accountability for security in app development.

Example connectors

Checkmarx

Snyk

Fortify

Available metrics

Type | Name | Description
---- | ---- | -----------
Informational | Applications with detections and number of detections | The number of applications with open vulnerability detections, and the number of detections
Informational | Applications with open critical/high vulnerability detections | The number of applications with open critical/high vulnerability detections
Informational | Applications with open vulnerability detections | The number of applications with open vulnerability detections
Policy | Applications out of scan SLA | The number of applications that have not been vulnerability scanned recently in line with SLA
Coverage | Applications in scope for scan SLA | The number of applications included in vulnerability scan frequency SLA analysis
Policy | Applications scanned in line with SLA | The number of applications that have been vulnerability scanned recently in line with SLA
Informational | Closed application vulnerability detections | The number of remediated application vulnerability detections
Policy | Critical/high application vulnerability detections out of SLA | The number of open critical/high application vulnerability detections out of remediation SLA
Informational | Critical/high application vulnerability detections | The number of open critical/high application vulnerability detections
Policy | Application vulnerability detections out of SLA | The number of open application vulnerability detections out of remediation SLA
Informational | Open application vulnerability detections | The number of open application vulnerability detections
Diagnostic | Total remediation time for application vulnerability detections | The total time in days taken to remediate application vulnerability detections
Diagnostic | Average age of application vulnerability detections | The average age (days since first detection on the application) of vulnerability detections
Diagnostic | Average open vulnerability detections per affected application | The average number of open vulnerability detections per application with detections
Policy | Applications out of scan SLA | The percentage of applications that have not been vulnerability scanned recently in line with SLA
Policy | Application vulnerability detections out of SLA | The percentage of open application vulnerability detections out of remediation SLA
Diagnostic | Average remediation time for application vulnerability detections | The average time in days taken to remediate application vulnerability detections
Compound risk | Unique devices hosting application | The number of devices in the Panaseer Inventory hosting applications
Compound risk | Unique devices not hosting application | The number of devices in the Panaseer Inventory not hosting applications
Compound risk | Accounts with access to applications | The number of accounts with access to an application
Compound risk | Unique applications hosted on devices | The number of unique applications that are hosted on devices
Compound risk | Unique applications not hosted on devices | The number of unique applications that are not hosted on devices
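The following is an added worked example, not Panaseer code, showing how several of the metrics in the table above (applications out of scan SLA, detections out of remediation SLA, average detection age, average remediation time) and the spotlight metric's per-business-unit rating can be computed from scan and detection records. The application and detection records, the "as of" date, the severity labels and the SLA values (30-day scan SLA, 30-day remediation SLA for critical/high, 90 days otherwise) are all constructed assumptions; the rating thresholds are the ones quoted on the page.

```python
"""Computing AppSec SLA and age metrics from constructed scan/detection records."""
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumed SLAs (the page does not state values).
SCAN_SLA_DAYS = 30
REMEDIATION_SLA_DAYS = {"critical": 30, "high": 30, "medium": 90, "low": 90}


def rate_count(n: int) -> str:
    """Spotlight-metric rating from the page: <200 exceeding, <400 passing, else failing.
    The page does not say how exactly 400 is rated; since "less than 400 is passing",
    400 is treated as failing here."""
    if n < 200:
        return "exceeding"
    if n < 400:
        return "passing"
    return "failing"


@dataclass
class Application:
    name: str
    business_unit: str
    last_scanned: Optional[date]  # None = never scanned


@dataclass
class Detection:
    app: str
    severity: str
    first_seen: date
    closed: Optional[date]  # None = still open


def apps_out_of_scan_sla(apps, today):
    """'Applications out of scan SLA': not scanned within SCAN_SLA_DAYS (or never)."""
    return [a.name for a in apps
            if a.last_scanned is None or (today - a.last_scanned).days > SCAN_SLA_DAYS]


def percent_apps_out_of_scan_sla(apps, today):
    """Percentage form of the same metric over all in-scope applications."""
    return 100.0 * len(apps_out_of_scan_sla(apps, today)) / len(apps) if apps else 0.0


def open_detections(dets):
    return [d for d in dets if d.closed is None]


def detections_out_of_sla(dets, today, severities=None):
    """Open detections older than their remediation SLA, optionally limited to
    a severity set (e.g. {"critical", "high"} for the critical/high variant)."""
    return [d for d in open_detections(dets)
            if (severities is None or d.severity in severities)
            and (today - d.first_seen).days > REMEDIATION_SLA_DAYS[d.severity]]


def average_open_age_days(dets, today):
    """'Average age of application vulnerability detections' over open detections."""
    opened = open_detections(dets)
    return sum((today - d.first_seen).days for d in opened) / len(opened) if opened else 0.0


def average_remediation_days(dets):
    """'Average remediation time' over closed detections (first seen to closed)."""
    closed = [d for d in dets if d.closed is not None]
    return sum((d.closed - d.first_seen).days for d in closed) / len(closed) if closed else 0.0


def open_counts_by_business_unit(apps, dets):
    """Spotlight metric: open detections per business unit with the page's rating."""
    unit_of = {a.name: a.business_unit for a in apps}
    counts = {}
    for d in open_detections(dets):
        counts[unit_of[d.app]] = counts.get(unit_of[d.app], 0) + 1
    return {bu: (n, rate_count(n)) for bu, n in counts.items()}


# Constructed sample data.
TODAY = date(2024, 6, 30)
APPS = [
    Application("payments-api", "Finance", date(2024, 6, 20)),  # scanned 10 days ago
    Application("hr-portal", "People", date(2024, 4, 1)),       # scanned 90 days ago: stale
    Application("legacy-crm", "Sales", None),                   # never scanned
]
DETECTIONS = [
    Detection("payments-api", "critical", date(2024, 5, 1), None),          # open 60 days: out of SLA
    Detection("payments-api", "low", date(2024, 6, 10), None),              # open 20 days
    Detection("hr-portal", "high", date(2024, 6, 20), None),                # open 10 days
    Detection("hr-portal", "medium", date(2024, 1, 10), date(2024, 2, 9)),  # closed in 30 days
    Detection("legacy-crm", "high", date(2024, 3, 1), date(2024, 4, 20)),   # closed in 50 days
]

if __name__ == "__main__":
    print("Out of scan SLA:", apps_out_of_scan_sla(APPS, TODAY))
    print("Critical/high out of remediation SLA:",
          [d.app for d in detections_out_of_sla(DETECTIONS, TODAY, {"critical", "high"})])
    print("Average open age (days):", average_open_age_days(DETECTIONS, TODAY))
    print("Average remediation (days):", average_remediation_days(DETECTIONS))
    print("Per business unit:", open_counts_by_business_unit(APPS, DETECTIONS))
```

Two design points carry over to any real implementation: an application that has never been scanned must count as out of scan SLA rather than being silently skipped, and SLA age is measured from first detection, not from the latest scan that re-observed the issue, otherwise re-scans reset the clock and the "out of SLA" metrics understate risk.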
