Validation of vulnerabilities.pdf


How to approach validation of vulnerabilities for scale penetration testing. Depth, accuracy and scale are a triad of problems, each requiring attention. Attackers and threat actors have more time and patience to look for complex vulnerabilities. Reliance on automation is not working and will not beat determined humans.


Validation of vulnerabilities with edgescan

Validation is designed to help ensure we deliver false positive free vulnerability intel to our clients.

1. Automation / Analytics based
2. Expert Validation

1. Automated validation

• Automated Validation uses analytics by querying millions of vulnerability examples from our Edgescan Data lake.
• Due to delivering hundreds of thousands of vulnerabilities we have strong analytical models and associated data to determine the probability that a discovered vulnerability is a true positive.
• If such a vulnerability is discovered, based on its taxonomy, type and description we can, with confidence, decide if a vulnerability is real or if it needs to move to Step 2 (above). We call this an auto-commit vulnerability.
• Some vulnerabilities have a confidence probability of over 90%, which results in edgescan automatically publishing the issue to the client. If the confidence is below a threshold the vulnerability is flagged for expert validation.
• Issues that are discovered (true positives and/or false positives), once processed, are added to the analytical data to further improve the auto-commit accuracy. E.g. vulnerabilities, once determined to be true/false positives, are marked as such in the Data lake and are used to further enhance the probability model's accuracy.

2. Expert validation

• Expert Validation is activated once a vulnerability is not fit for automatic validation (confidence interval is low from a probability standpoint, or the vulnerability is a High or Critical severity or a PCI Fail).
• Complex vulnerabilities and High and Critical severity issues generally undergo expert validation.
• This results in super accurate vulnerability intelligence. Edgescan experts are seasoned penetration testers who, on a regular basis, deliver penetration testing fieldwork or via our PTaaS (Penetration Testing as a Service). They are OSCP/CREST certified and certainly not SoC analysts.
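The routing rules described in the slide, sketched as an added example (this is not Edgescan's code). The Laplace-smoothed true-positive rate, the class and function names, and the sample counts are assumptions made for illustration; only the 90% threshold and the High/Critical/PCI Fail override come from the slide.

```python
from collections import defaultdict
from dataclasses import dataclass

AUTO_COMMIT_THRESHOLD = 0.90            # the "over 90%" figure from the slide
EXPERT_SEVERITIES = {"high", "critical"}

@dataclass(frozen=True)
class Finding:
    vuln_type: str          # hypothetical key standing in for taxonomy/type/description
    severity: str
    pci_fail: bool = False

class ValidationHistory:
    """Validated outcomes per vulnerability type (a stand-in for the data lake)."""
    def __init__(self):
        self._tp = defaultdict(int)
        self._fp = defaultdict(int)

    def record(self, vuln_type, true_positive):
        # Feedback loop: every validated result sharpens later estimates.
        (self._tp if true_positive else self._fp)[vuln_type] += 1

    def confidence(self, vuln_type):
        # Assumed estimator: Laplace-smoothed true-positive rate. A type with
        # no history scores 0.5, so it can never be auto-committed.
        tp, fp = self._tp[vuln_type], self._fp[vuln_type]
        return (tp + 1) / (tp + fp + 2)

def route(finding, history):
    """Return "auto-commit" or "expert" for one scanner finding."""
    # Severity and PCI status override the model, however confident it is.
    if finding.pci_fail or finding.severity.lower() in EXPERT_SEVERITIES:
        return "expert"
    if history.confidence(finding.vuln_type) > AUTO_COMMIT_THRESHOLD:
        return "auto-commit"
    return "expert"

def sample_history():
    # Constructed counts, not real data.
    h = ValidationHistory()
    for vuln_type, tp, fp in [("missing-hsts", 95, 2), ("reflected-xss", 6, 4)]:
        for _ in range(tp):
            h.record(vuln_type, True)
        for _ in range(fp):
            h.record(vuln_type, False)
    return h

if __name__ == "__main__":
    h = sample_history()
    for f in [Finding("missing-hsts", "low"), Finding("missing-hsts", "high"),
              Finding("reflected-xss", "medium"), Finding("new-check", "low")]:
        print(f, round(h.confidence(f.vuln_type), 3), route(f, h))
```

Recording later false positives for a type lowers its confidence, so a type that was auto-committed can fall back to expert validation.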
