Autonomous Patching in 72 Hours: Understanding SwyftComply on AppTrana WAAP

To comply with the security audit requirements of SOC 2, PCI, and others, your application audit report should have zero open vulnerabilities.

Most companies perform these audits at least annually, and the audits are more frequent for highly regulated industries such as finance and healthcare.

However, 31% of critical and high vulnerabilities remain open after 180 days – according to The State of Application Security.

Reasons for open vulnerabilities include inherited ones in an open-source platform like Apache or a third-party WordPress plug-in your team uses. There could also be a zero-day vulnerability for which a patch is unavailable.

Complying with security audits during that time becomes a fairly uphill task.

This blog discusses SwyftComply, the autonomous security policy generation feature on AppTrana WAAP.

Using SwyftComply, AppTrana customers can now produce a zero-vulnerability, clean report within 72 hours and pass security audits in a breeze.

Here’s how the SwyftComply Feature works:

1. Application Audit – Auto Scan & Pentest

• After onboarding, the integrated DAST scanner performs an AUTO SCAN of your application
• If you also have a pen-testing report by a certified security expert, share that with our support team
• In case you don’t have it, we recommend getting a manual Pen Testing report by our certified security experts (add-on) for a more comprehensive security assessment
• If you do not need the pentesting(PT) report, you can proceed with the SwyftComply request
• If you do need it, generate the SwyftComply request only after you receive the PT report

(Note: the 72-hour SLA on a clean report is only after identifying all vulnerabilities. So, if you opt for a PT from Indusface, you’ll need the complete PT report before the SLA applies.)

2. Reporting – Vulnerability Report

• Once scanning and pen-testing are complete, a comprehensive report of vulnerabilities is generated. Access these in the Vulnerabilities tab of the Scan Summary

3. Autonomous Protection

• Click “Initiate SwyftComply” to start the instant protection and access the screen detailing AppTrana – Swyft Comply.
• Then, click “Start Swyft Comply” to proceed
• You’ll see that certain open vulnerabilities are already protected by the default security policies
• Over the period of 72 hours, you’ll gradually see all the open vulnerabilities virtually patched
• At any point, you can see the protection status on the console

4. Re-validation – Automated Verification

• After patching, an automatic revalidation at the WAAP level ensures that the patches provide accurate protection

• Within 72 hours, the Protection tab of the Scan Summary section displays the status of vulnerabilities and their protection type
• Click “View SwyftComply Report” to access the zero vulnerability
• This detailed report provides a comprehensive overview of your application security status, ensuring all identified vulnerabilities are patched.
• Just provide a clean report to your security auditors. Compliance is now a breeze for your websites and APIs.

Note: Vulnerabilities that cannot be protected via WAAP will require fixing in the code.

If new vulnerabilities are identified later, you can “Initiate SwyftComply” again. Otherwise, the option will be disabled, but you can still view and download the existing zero vulnerability scan report anytime.

Take the hassle out of vulnerability patching and get zero vulnerability reports within just 72 hours. Click here to request a demo now!

Stay tuned for more relevant and interesting security articles. Follow Indusface on Facebook, Twitter, and LinkedIn.