Remediation using SAST Recommendations

The recommendation service helps you understand the impact or root cause of any detected vulnerability. It also correlates each detected finding with the OWASP Top 10 rankings to give you more context and information on the vulnerability. The recommendation service gives you two kinds of recommendations for any detected vulnerability.

1. Descriptive - This kind of recommendation helps you understand the vulnerability and the basic rules or good practices that protect your application from it. It is not tied to any specific tech stack or programming language. A descriptive recommendation shows you the following details:

  • OWASP Ranking

  • CWE Information

  • Some examples of bad code

  • Attack Scenarios

  • Attack prevention techniques

2. Code Snippets - This kind of recommendation gives you code examples in different programming languages, showing the vulnerable code alongside the fix for that vulnerability.

Step 1: Select “Recommendations”

To see how the recommendation service works, run a SAST scan for any supported programming language and then open the report. You’ll see a “Recommendations” button in the footer section of each finding.

Click on “Recommendations” and a popup opens with the detailed recommendations.

Here you can see a detailed description of CWE-22 (path traversal), and if you scroll down you’ll also see more detailed attack prevention techniques.

Step 2: Code Recommendations

The next part is code recommendations. You’ll also notice an arrow icon above the code recommendations that lets you view the code suggestions in the other available languages, such as JavaScript, Java, Python, PHP, Ruby, etc.
