This is the third in a three-part series describing the thought process and functionality behind SaltMiner, our enterprise dashboard for Application Security management.
See the first two installments here:
SaltMiner -- Design Objectives
First, we looked at our own AppSec program experience to define the pain that enterprises have, both in managing their application security data and determining their true application security posture. Then, we defined the necessary characteristics and requirements to manage an application security program from a data management perspective. In this installment, we'll describe what we built and how it helps enterprises manage and report on their AppSec, to a level that simply hasn’t been possible until now.
Functionally, SaltMiner helps enterprises:
- See vulnerabilities across all applications in an entire organization, within a single dashboard view
- Manage thousands of applications and scans, and all the testers who interact with them
- Aggregate and analyze application testing results, no matter their technology of origin
- Prove compliance by ensuring applications are being tested with the right technology, at the right time, and in the right order
To enable that functionality, we designed and built SaltMiner with three key architectural supports:
SaltMiner supports fast and scalable integration of your existing testing methodologies and results. It gives an enterprise the ability to synchronize its testing results across the entire organization via REST APIs, so no matter the methodology, the results can be imported in one synchronized process.
SaltMiner's aggregation technology, synchronizing data across the entire organization
Integration: SaltMiner's ETL processes integrate disparate application security data and store it in one central database. Each process is customizable to each customer's needs and environment.
SaltMiner scales linearly, so when needed, servers can be added on the fly (the same approach Google relies on for speed). SaltMiner leverages Elasticsearch and Kibana to manage results and reporting, which makes it scalable to a large number of users while remaining cost effective. SaltMiner also relies on that stack's integrated, standards-based authentication and authorization, so the data is open to your business needs with the appropriate level of security.