Determining and managing application vulnerabilities

US 10,552,616 B2
Filed: 02/23/2017
Issued: 02/04/2020
Est. Priority Date: 02/23/2017
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method comprising:

retrieving application files of an enterprise application store, wherein each application file corresponds to an application provided by the enterprise application store;

scanning each retrieved application file, wherein the scanning comprises identifying vulnerable application program interfaces that are used by each retrieved application file; and

assigning a vulnerability index to each application, based on the scanning of each application'"'"'s corresponding application file, wherein assigning the vulnerability index comprises calculating the vulnerability index based on the number of vulnerable application program interfaces that are used and a number of times that each vulnerable application program interface is used,wherein calculating the vulnerability index is further based on a threat weight of a threat category to which each vulnerable application program interface belongs.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes retrieving application files of an enterprise application store. Each application file corresponds to an application provided by the enterprise application store. The method also includes scanning each retrieved application file. The scanning includes identifying vulnerable application program interfaces that are used by each retrieved application file. The method also includes assigning a vulnerability index to each application, based on the scanning of each application'"'"'s corresponding application file.

11 Citations

View as Search Results

17 Claims

1. A computer implemented method comprising:
- retrieving application files of an enterprise application store, wherein each application file corresponds to an application provided by the enterprise application store;
  
  scanning each retrieved application file, wherein the scanning comprises identifying vulnerable application program interfaces that are used by each retrieved application file; and
  
  assigning a vulnerability index to each application, based on the scanning of each application'"'"'s corresponding application file, wherein assigning the vulnerability index comprises calculating the vulnerability index based on the number of vulnerable application program interfaces that are used and a number of times that each vulnerable application program interface is used,wherein calculating the vulnerability index is further based on a threat weight of a threat category to which each vulnerable application program interface belongs.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer implemented method of claim 1 wherein calculating the vulnerability index is further based on a vulnerability weight-age of an application-program-interface category to which each vulnerable application program interface belongs.
  - 3. The computer implemented method of claim 1 further comprising initiating at least one of blocking an application from accessing data, uninstalling an application, and wiping a device that uses an application, based upon the vulnerability index assigned to the application.
  - 4. The computer implemented method of claim 1, wherein identifying vulnerable application program interfaces that are used comprises identifying use of application programming interfaces that are listed on a dynamic application program interface matrix, and the application program interface matrix is dynamically modified.
  - 5. The computer implemented method of claim 4, wherein the dynamic application program interface matrix comprises application program interface categories, and the application program interface categories are dynamically modified.
  - 6. The computer implemented method of claim 4, wherein the dynamic application program interface matrix comprises threat categories, and the threat categories are dynamically modified.

7. A computer system comprising:
- a memory; and
  
  a processor system communicatively coupled to the memory;
  
  the processor system configured to perform a method comprising;
  
  retrieving application files of an enterprise application store, wherein each application file corresponds to an application provided by the enterprise application store;
  
  scanning each retrieved application file, wherein the scanning comprises identifying vulnerable application program interfaces that are used by each retrieved application file; and
  
  assigning a vulnerability index to each application, based on the scanning of each application'"'"'s corresponding application file, wherein assigning the vulnerability index comprises calculating the vulnerability index based on the number of vulnerable application program interfaces that are used and a number of times that each vulnerable application program interface is used;
  
  wherein calculating the vulnerability index is further based on a threat weight of a threat category to which each vulnerable application program interface belongs.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer system of claim 7, wherein calculating the vulnerability index is further based on a vulnerability weight age of an application-program-interface category to which each vulnerable application program interface belongs.
  - 9. The computer system of claim 7, wherein the processor system is further configured to perform initiating at least one of blocking an application from accessing data, uninstalling an application, and wiping a device that uses an application, based upon the vulnerability index assigned to the application.
  - 10. The computer system of claim 7, wherein the identifying vulnerable application program interfaces that are used comprises identifying use of application programming interfaces that are listed on a dynamic application program interface matrix, and the application program interface matrix is dynamically modified.
  - 11. The computer system of claim 10, wherein the dynamic application program interface matrix comprises application program interface categories, and the application program interface categories are dynamically modified.
  - 12. The computer system of claim 10, wherein the dynamic application program interface matrix comprises threat categories, and the threat categories are dynamically modified.

13. A computer program product for determining and managing application vulnerabilities, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions readable by a processor system to cause the processor system to:
- retrieve, by the processor system, application files of an enterprise application store, wherein each application file corresponds to an application provided by the enterprise application store;
  
  scan, by the processor system, each retrieved application file, wherein the scanning comprises identifying vulnerable application program interfaces that are used by each retrieved application file; and
  
  assign a vulnerability index to each application, based on the scanning of each application'"'"'s corresponding application file, wherein assigning the vulnerability index comprises calculating the vulnerability index based on the number of vulnerable application program interfaces that are used and a number of times that each vulnerable application program interface is used;
  
  wherein calculating the vulnerability index is further based on a threat weight of a threat category to which each vulnerable application program interface belongs.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer program product of claim 13, wherein calculating the vulnerability index is further based on a vulnerability weight-age of an application-program-interface category to which each vulnerable application program interface belongs.
  - 15. The computer program product of claim 13, wherein the processor system is further caused to perform initiating at least one of blocking an application from accessing data, uninstalling an application, and wiping a device that uses an application, based upon the vulnerability index assigned to the application.
  - 16. The computer program product of claim 13, wherein the identifying vulnerable application program interfaces that are used comprises identifying use of application programming interfaces that are listed on a dynamic application program interface matrix, and the application program interface matrix is dynamically modified.
  - 17. The computer program product of claim 16, wherein the dynamic application program interface matrix comprises application program interface categories, and the application program interface categories are dynamically modified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bodin, William K., Dwivedi, Indiver N., Jaramillo, David
Primary Examiner(s)
Paliwal, Yogesh

Application Number

US15/440,643
Publication Number

US 20180239903A1
Time in Patent Office

1,076 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

Determining and managing application vulnerabilities

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

11 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Determining and managing application vulnerabilities

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links