SECURITY ENGINEERING AND THE APPLICATION LIFE CYCLE
First Claim
1. A system that facilitates security engineering of an application, comprising:
- a security engineering component that includes a plurality of security engineering activities; and
a security integration component that integrates a subset of the plurality of security engineering activities into development of the application.
2 Assignments
0 Petitions
Accused Products
Abstract
A novel approach to security engineering that leverages expertise to enable a user to design, build and deploy secure applications is disclosed. In doing so, the innovation discloses novel techniques and mechanisms that integrate security into the application development lifecycle and to adapt current software engineering practices and methodologies to include specific security related activities. These activities include identifying security objectives, creating threat models, applying secure design guidelines, patterns and principles, conducting security design inspections, performing regular code inspections, testing for security, and conducting deployment inspections to ensure secure configuration.
79 Citations
20 Claims
-
1. A system that facilitates security engineering of an application, comprising:
-
a security engineering component that includes a plurality of security engineering activities; and
a security integration component that integrates a subset of the plurality of security engineering activities into development of the application. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A computer-implemented method of engineering an application, comprising:
-
identifying a category;
identifying a security objective based at least in part upon the category; and
integrating a security engineering activity based at least in part upon the security objective. - View Dependent Claims (14, 15, 16, 17, 18)
-
-
19. A computer-executable system that facilitates security engineering of an application, comprising:
-
means for identifying a usage scenario associated with the application;
means for identifying a security objective based at least in part upon the usage scenario; and
means for integrating security expertise into the application based at least in part upon the performance objective. - View Dependent Claims (20)
-
Specification