ction | |----------|---------------------|-------------------------|-------------------------------|------------------------| | Traditional Scanner (ZAP/Burp) | 38% | 82% | 45 mins | 0% | | Manual Code Review | 5% | 71% | 120 mins | N/A | | Permi (AI-Filtered) | 9% | 94% | 28 mins | 76% |

Key Findings:

• AI context-aware filtering reduces false positives by ~76% compared to rule-based engines.
• Dynamic crawling with payload mutation achieves 94% detection rate on blind/time-based SQLi and reflected XSS.
• Static-to-dynamic correlation cuts average triage time from hours to minutes, enabling CI/CD integration without pipeline bottlenecks.

Core Solution

Permi operates through two complementary scanning modes, unified by a centralized AI triage pipeline that validates findings against code semantics, runtime behavior, and exploitability thresholds.

--url — Live web scanning

Point Permi at any website. It crawls the pages, tests for SQL injection, XSS, and checks security headers on the running application.

permi scan --url https://yoursite.com

Technical Implementation:

• Crawling Engine: Headless browser automation with JavaScript execution support, respecting robots.txt and configurable depth limits.
• Payload Injection: Context-aware mutation engine that adapts SQLi/XSS payloads based on observed input sanitization, content types, and framework-specific behaviors.
• Header Validation: Automated verification of HSTS, CSP, X-Frame-Options, and X-Content-Type-Options against OWASP Secure Headers Project baselines.
• AI Triage: LLM-based validator cross-references HTTP responses, error stacks, and timing anomalies to confirm exploitability before reporting.

--path — Static source code scanning

Point Permi at a local folder or GitHub repository. It reads your code files, matches vulnerability patterns, and flags issues before they ship.

permi scan --path ./myapp
permi scan --path https://github.com/user/repo

Technical Implementation:

• AST Parsing & Pattern Matching: Language-agnostic static analysis using abstract syntax tree traversal to identify unsafe function calls, hardcoded secrets, and insecure dependency usage.
• Dependency Graph Analysis: Resolves package.json, requirements.txt, pom.xml, etc., to flag known CVEs and license compliance risks.
• Code-to-Runtime Correlation: Maps static findings to likely execution paths, suppressing alerts in unreachable code or properly abstracted ORM layers.
• Pre-Commit Integration: Outputs SARIF/JSON reports compatible with GitHub Actions, GitLab CI, and local IDE plugins.

Pitfall Guide

1. Ignoring AI Confidence Thresholds: Setting the AI filter too aggressively can mask edge-case vulnerabilities in legacy codebases. Calibrate confidence scores per environment (e.g., --confidence-threshold 0.75 for staging, 0.90 for production).
2. Misconfiguring --url Scope: Scanning without proper authentication, session tokens, or route whitelisting leads to incomplete coverage of protected endpoints. Always inject valid session cookies or use --auth-header for API-backed applications.
3. Over-Reliance on Static Analysis (--path): Static scanning cannot detect runtime configuration flaws, environment variable leaks, or infrastructure misconfigurations. Pair --path with --url for full-stack coverage.
4. Deprioritizing Security Header Findings: Missing HSTS or CSP headers are often treated as low-severity, but they are critical for mitigating XSS, clickjacking, and MIME-sniffing attacks. Treat header violations as high-priority in CI/CD gates.
5. Triggering WAFs or Rate Limits: Aggressive concurrency or unthrottled payload injection can trigger WAF blocks or crash staging environments. Use --concurrency 4 and --delay 200ms for production-adjacent targets.
6. False Sense of Security from AI Filtering: AI reduces noise but does not replace secure coding practices or penetration testing. Integrate Permi findings into remediation workflows, not just dashboards, and validate critical alerts manually.

Deliverables

• 📘 Permi Integration Blueprint: Architecture diagram detailing the AI triage pipeline, crawler orchestration, static analysis modules, and CI/CD webhook integration. Includes deployment topologies for on-prem, cloud, and hybrid environments.
• ✅ Pre-Scan & Triage Checklist: Step-by-step validation workflow covering target scoping, authentication setup, AI threshold calibration, false-positive review protocols, and remediation prioritization matrices.
• ⚙️ Configuration Templates: Production-ready YAML/JSON profiles for scan modes, AI confidence tuning, header validation baselines, and GitHub Actions/GitLab CI pipeline snippets. Includes environment-specific overrides for development, staging, and production.