ASSESSMENT AND ANALYSIS OF SOFTWARE SECURITY FLAWS
First Claim
1. A method for assessing vulnerabilities of software applications, the method comprising:
providing a plurality of software assessment testing engines, each configured to perform vulnerability tests on a software application;
receiving technical characteristics of the software application;
receiving business context information relating to the software application;
determining a preferred assurance level for the software application based at least in part on the technical characteristics and business context information; and
defining a vulnerability test plan for the software application based on the preferred assurance level, wherein the vulnerability test plan comprises one or more of the vulnerability tests.
Abstract
Security assessment and vulnerability testing of software applications is performed based at least in part on application metadata in order to determine an appropriate assurance level and associated test plan that includes multiple types of analysis. Steps from each test are combined into a “custom” or “application-specific” workflow, and the results of each test may then be correlated with other results to identify potential vulnerabilities and/or faults.
22 Claims
1. A method for assessing vulnerabilities of software applications (independent claim; full text given under First Claim above). Dependent claims: 2 to 15.

16. A security assessment platform for assessing vulnerabilities of software applications, the platform comprising:
a communications server for receiving technical characteristics of a software application and business context information relating to the software application;
at least one testing engine for performing a plurality of vulnerability tests; and
a testing workflow module for: defining an assurance level for the application based at least in part on the technical characteristics and business context information; defining a vulnerability test plan for the application based on the assurance level, the vulnerability test plan comprising two or more vulnerability tests to be performed by the testing engine; and correlating the results of the two or more vulnerability tests to identify related faults in the application.
Dependent claims: 17 to 20.

21. A method for assessing the quality of a software application, the method comprising:
receiving technical characteristics of a software application;
receiving business context information relating to the software application;
defining a vulnerability test plan for the software application based on the technical characteristics and business context information, the vulnerability test plan specifying a plurality of vulnerability tests;
executing, on at least one software assessment testing engine, the vulnerability tests of the test plan;
storing results of the vulnerability tests in a data storage device; and
assessing a quality metric of the software application by comparing the results of the vulnerability tests with vulnerability test results performed on other software applications of known quality and having technical characteristics and business context information in common with the software application.
Dependent claim: 22.
Specification