System and method for managing security testing
First Claim
Patent Images
1. A method of maintaining a database of computer security data comprising the steps of:
- (a) providing a security database containing sets of data each with a unique database identifier, wherein ones of the data sets relate to different computer security vulnerabilities;
(b) obtaining a first set of data having a first identifier from a first source, wherein said first source contains first data sets each with a first unique identifier, and wherein ones of the first data sets relate to different computer security vulnerabilities;
(c) obtaining a second set of data having a second identifier from a second source, wherein said second source contains second data sets each with a second unique identifier, and wherein ones of the second data sets relate to different computer security vulnerabilities;
(d) providing a cross-reference database comprising a list of finding identifiers correlated with said first unique identifiers from said first source and said second unique identifiers from said second source, wherein said correlated identifiers each refer to a similar security vulnerability;
(e) determining if said first and said second identifiers correlate to the same finding identifier in said cross-reference database; and
(f) if a correlation exists, entering into said security database said first set of data and assigning said first set of data a unique database identifier.
2 Assignments
0 Petitions
Accused Products
Abstract
The subject matter relates generally to a system and method for managing security testing. Particularly, this invention relates to maintaining a security database by correlating multiple sources of vulnerability data and also to managing security testing from plural vendors. This invention also relates to providing secure session tracking by performing plural authentications of a user.
-
Citations
106 Claims
-
1. A method of maintaining a database of computer security data comprising the steps of:
-
(a) providing a security database containing sets of data each with a unique database identifier, wherein ones of the data sets relate to different computer security vulnerabilities;
(b) obtaining a first set of data having a first identifier from a first source, wherein said first source contains first data sets each with a first unique identifier, and wherein ones of the first data sets relate to different computer security vulnerabilities;
(c) obtaining a second set of data having a second identifier from a second source, wherein said second source contains second data sets each with a second unique identifier, and wherein ones of the second data sets relate to different computer security vulnerabilities;
(d) providing a cross-reference database comprising a list of finding identifiers correlated with said first unique identifiers from said first source and said second unique identifiers from said second source, wherein said correlated identifiers each refer to a similar security vulnerability;
(e) determining if said first and said second identifiers correlate to the same finding identifier in said cross-reference database; and
(f) if a correlation exists, entering into said security database said first set of data and assigning said first set of data a unique database identifier. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
-
29. A method for managing computer security testing using data from plural sources, comprising the steps of:
-
(a) providing a database of computer security information, said database adapted to receive sets of data from plural computer security data sources;
(b) providing a computer-readable medium containing software for;
(1) receiving a first set of data from a first one of said plural sources, said first set of data containing information from at least one of a security task performed by said first source and a report of results from performing said security task by said first source;
(2) receiving a second set of data from a second one of said plural sources, said second set of data containing information from at least one of a security task performed by said second source and a report of results from performing said security task by said second source;
(3) preventing access, by a one of said plural sources, of data received in said security database from another of said plural sources;
(c) initiating a computer security test on a technology platform;
(d) receiving said first and second set of data;
(e) displaying information on a display device wherein said information is derived in part from at least one of said first and second sets of data; and
(f) managing the security vulnerability of the technology platform as a function of said information. - View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53)
-
-
54. An apparatus for maintaining a database of computer security data comprising:
-
a security database containing sets of data each with a unique database identifier, wherein ones of the data sets relate to different computer security vulnerabilities;
means for obtaining a first set of data having a first identifier from a first source, wherein said first source contains first data sets each with a first unique identifier, and wherein ones of the first data sets relate to different computer security vulnerabilities;
means for obtaining a second set of data having a second identifier from a second source, wherein said second source contains second data sets each with a second unique identifier, and wherein ones of the second data sets relate to different computer security vulnerabilities;
means for providing a cross-reference database comprising a list of finding identifiers correlated with said first unique identifiers from said first source and said second unique identifiers from said second source, wherein said correlated identifiers each refer to a similar security vulnerability;
means for determining if said first and said second identifiers correlate to the same finding identifier in said cross-reference database; and
means for entering into said security database said first set of data and assigning said first set of data a unique database identifier, if a correlation exists. - View Dependent Claims (55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81)
-
-
82. An apparatus for managing computer security testing using data from plural sources, comprising:
-
a database of computer security information, said database adapted to receive sets of data from plural computer security data sources;
a processor programmed with instructions for;
(1) receiving a first set of data from a first one of said plural sources, said first set of data containing information from at least one of a security task performed by said first source and a report of results from performing said security task by said first source;
(2) receiving a second set of data from a second one of said plural sources, said second set of data containing information from at least one of a security task performed by said second source and a report of results from performing said security task by said second source;
(3) preventing access, by a one of said plural sources, of data received in said security database from another of said plural sources;
(4) initiating a computer security test on a technology platform upon receipt of a command from a user;
(5) receiving said first and second set of data;
(6) providing information that is derived in part from at least one of said first and second sets of data;
a display device for displaying said information; and
means for managing the security vulnerability of the technology platform as a function of said information. - View Dependent Claims (83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106)
-
Specification