Static security scanner for applications in a remote network management platform

  • US 10,719,611 B2
  • Filed: 09/27/2017
  • Issued: 07/21/2020
  • Est. Priority Date: 09/27/2017
  • Status: Active Grant
First Claim
1. A remote network management system comprising:

  • a computational instance associated with a managed network, the computational instance running in an environment having hardware resources configured to host a particular application, wherein the particular application is based on program code, uses one or more database tables, and defines at least two user roles with respect to accessing the program code and the one or more database tables, wherein a first user role of the at least two user roles and a second role of the at least two user roles have different sets of access permissions to the program code and the one or more database tables; and
  • one or more processors; and
  • a memory, wherein the memory includes instructions, that when executed by the one or more processors, cause the one or more processors to:
    • receive, from a graphical user interface displayed on a client device, a request to scan the particular application, wherein the request comprises an identifier of the computational instance, a password for access to the computational instance, and an identifier of the particular application;
    • in response to receiving the request to scan the particular application, retrieve the program code, the one or more database tables, and the one or more user roles from the computational instance based on the identifier of the computational instance, the password for access to the computational instance, and the identifier of the particular application;
    • conduct a static security scan of the program code, the one or more database tables, and the one or more user roles, wherein conducting the security scan comprises:
      • applying a set of rules that define security vulnerabilities that can be found in hosted applications on the remote network management system, wherein the set of rules take into account (i) relationships between the at least two user roles and the program code, (ii) relationships between the at least two user roles and the one or more database tables, and (iii) relationships between the at least two user roles; and
      • identifying, as a security vulnerability, a relationship between the first user role and a second user role, wherein the relationship comprises the first user role deriving access permissions from the second user role; and
    • transmit, to the client device, an update to the graphical user interface, wherein the update contains a categorized list of observed security vulnerabilities of the particular application that were found by the static security scan.
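The scan the claim describes, as an added illustration that is not the patent's or any product's code: a toy static scanner over a constructed application model (role derivation graph, table write ACLs, scripts with their role checks) that applies rules of kinds (i), (ii) and (iii) and returns findings grouped by category. It goes slightly beyond the claim by resolving role derivation transitively, so that write access a role gains only through an inherited role is reported alongside the derivation itself. The role, table and script names are constructed sample data, not taken from the patent.

```python
from collections import defaultdict

# Constructed sample application (not from the patent).
# role -> roles it derives permissions from
ROLES = {"admin": [], "itil": [], "report_user": ["itil"], "guest": []}
# table -> roles allowed to write it (empty list = no role restriction)
TABLES = {"incident": ["itil"], "sys_user": ["admin"], "kb_feedback": []}
# script -> roles required to run it and tables it writes
SCRIPTS = {
    "close_incident": {"roles": ["itil"], "writes": ["incident"]},
    "export_users": {"roles": [], "writes": ["sys_user"]},
}


def effective_roles(role, roles=ROLES):
    """All roles whose permissions `role` holds, transitively (itself included)."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(roles.get(r, []))
    return seen


def scan(roles=ROLES, tables=TABLES, scripts=SCRIPTS):
    """Apply the rules and return findings keyed by category, like the claim's UI update."""
    findings = defaultdict(list)
    # Rule (iii): a role deriving permissions from another role is flagged as such.
    for role, parents in roles.items():
        for parent in parents:
            findings["role-derivation"].append(f"{role} derives permissions from {parent}")
    # Rule (ii): tables with no write restriction, and write access reached only via inheritance.
    for table, writers in tables.items():
        if not writers:
            findings["table-access"].append(f"{table} is writable without any role")
        for role in roles:
            if role not in writers and effective_roles(role, roles) & set(writers):
                findings["table-access"].append(f"{role} can write {table} via inherited role")
    # Rule (i): program code that writes a table but enforces no role.
    for name, s in scripts.items():
        if not s["roles"] and s["writes"]:
            findings["code-access"].append(f"{name} writes {s['writes']} with no role check")
    return dict(findings)


if __name__ == "__main__":
    for category, items in scan().items():
        print(category, *items, sep="\n  ")
```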
