DAST and SAST Correlation Algorithm
Overview
This article describes the matching algorithm that the Mend AppSec Platform uses to correlate DAST and SAST findings. A correlation is established when two findings agree on both the path of the vulnerable endpoint and the CWE (the vulnerability type).
Note:
DAST/SAST correlation relies on the detection of HTTP endpoints.
The domain (host) part of the URL is ignored during matching; only the path is compared.
Supported URL Patterns
The algorithm recognizes the following dynamic URL segment patterns in SAST route templates:
Pattern Type | Description | Framework Examples |
---|---|---|
DoubleCurlyBraces | Parameter with double curly braces | Handlebars, some templates |
CurlyBraces | Parameter with curly braces | Spring, ASP.NET Core |
OptionalColon | Optional parameter with colon prefix | Express.js |
ColonParenDotFormat | Parameter with format extension | Custom frameworks |
Colon | Parameter with colon prefix | Express.js |
AngleBrackets | Parameter with angle brackets | Angular, Flask |
DollarSign | Parameter with dollar sign | Some custom frameworks |
Detection Probabilities
The algorithm assigns a match probability to each SAST/DAST pair according to how closely the pair agrees on path, HTTP method and CWE. The following match types are distinguished:
Match Type | Description |
---|---|
Exact Match | The static route template fully matches the dynamic URL, with all segments matching positionally |
Method Mismatch | The paths match but the HTTP methods differ (e.g., GET vs POST) |
Partial Match | Some segments match positionally but not all |
CWE Mismatch | No match because the CWE (Common Weakness Enumeration) values differ |