Information about potential software vulnerabilities gleaned from SPI's application-vulnerability scans can be sent to NetContinuum's NC-1000 Web-security gateway using an expanded XML schema, largely based on the proposed Application Vulnerability Description Language standard. When potential vulnerabilities are discovered, the NC-1000 Web-application firewall can interpret the results, and a security policy is automatically recommended for the target app. The configuration changes can then be applied to the NC-1000 firewall to improve security.
"This is a direct link between vulnerability scanning and active firewall management," says Pete Lindstrom, a research director at Spire Security. "This is a good start and paves the way for more vulnerability scanners and firewalls to quickly exchange information to security systems."