Web application security frame
Abstract
A web application security frame (e.g., schema) that can incorporate expertise into an engineering activity, for example, a threat modeling activity, is provided. The novel web application security frame component can be applied to a threat modeling component to converge knowledge into the activity by identifying categories, vulnerabilities, threats, attacks and countermeasures. The novel schema can create a common framework that converges knowledge with respect to any application engineering activity (e.g., threat modeling, performance modeling). Additionally, a context precision mechanism can be employed to automatically and/or dynamically determine a context of a web application environment. This context can be used to automatically generate an appropriate web application security frame component.
20 Claims
1. A system that facilitates security modeling of a web-based application, comprising:
a web application security model configuration component that facilitates identification of engineering expertise related to a threat modeling activity; and
a web application security frame component that incorporates the engineering expertise into a schema.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer-implemented method of executing a threat modeling activity of a web-based application, comprising:
identifying a category component related to the threat modeling activity;
identifying a vulnerability component related to the threat modeling activity;
identifying an attack component related to the threat modeling activity;
identifying a countermeasure component related to the threat modeling activity; and
incorporating the category component, the vulnerability component, the attack component and the countermeasure component into a web application security frame.
Dependent claims: 11, 12, 13, 14
15. A computer-executable system that facilitates security engineering of a web-based application, comprising:
means for identifying a context of the web-based application;
means for identifying a category component based at least in part upon the context;
means for identifying a vulnerability component based at least in part upon the context;
means for identifying an attack component based at least in part upon the context;
means for identifying a countermeasure component based at least in part upon the context; and
means for incorporating the category component, the vulnerability component, the attack component and the countermeasure component into a web-based application security schema.
Dependent claims: 16, 17, 18, 19, 20
Specification