Glog Resolver is the part of the Glog Solution that, in communication with Glog Server, discovers the context of the source code being analyzed and performs context-specific triage and remediation. Glog Resolver runs on the client side, where it analyzes source code and prepares data to be sent to Glog Server. Based on the analysis results provided by the server, Glog Resolver performs triage and provides context-specific remediation.
Application Onboarding – Prior to scanning, Glog Resolver analyzes applications to detect all potential sources of tainted data. Based on this analysis, Glog Server prompts users with a set of questions so that they can communicate all design and architectural decisions, policies, as well as all security controls suggested by the threat model. This approach enables us to discover the part of the context related to application architecture and execution environment.
Triage – After the SAST engine provides findings, Glog Resolver analyzes the context of each part of the source code to detect validation routines, encoders and sanitizers. It uses the analysis results, together with the context discovered in the onboarding step, to perform triage and filter out false positives.
Remediation – Glog Resolver uses the information collected and the context discovered during onboarding and triage to further analyze the structure of tainted data and vulnerable data flows. It communicates with Glog Server to obtain context-specific remediation advice.