Knowledge-Based and Collaborative System for Security Assessment of Web Applications
First Claim
1. A system for assessing web application security comprising:
- a knowledge collection and representation component;
- a knowledge presentation component; and
- a knowledge integration component;
wherein the knowledge collection and representation component includes a component for organizing knowledge about threats and vulnerabilities to web applications into a standard format which relates said threats and vulnerabilities in a hierarchical manner; and also a component which rates the vulnerabilities and threats according to a standard rating system.
Abstract
A standardized system for assessing the security of web-based applications is described. It has a component for collecting information regarding threats and vulnerabilities to web applications, a component for organizing that information into a uniform language so that it is integrated throughout the entire system, and a component for expressing the information in a structured and uniform format of a hierarchical relationship between threats and vulnerabilities, which includes threat-vulnerability trees. The system includes a component for rating the threats and vulnerabilities under a uniform rating system, and a component for integrating the information into both a storage component and a presentation component for presenting the information. The presentation component presents the information in a graphical format which visually demonstrates the relationships between the threats and the vulnerabilities.
20 Claims
1. A system for assessing web application security comprising:
- a knowledge collection and representation component;
- a knowledge presentation component; and
- a knowledge integration component;
wherein the knowledge collection and representation component includes a component for organizing knowledge about threats and vulnerabilities to web applications into a standard format which relates said threats and vulnerabilities in a hierarchical manner; and also a component which rates the vulnerabilities and threats according to a standard rating system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 16.
13. A method of assessing web application security comprising:
- collecting knowledge about web application security including information regarding threats and vulnerabilities of web applications;
- determining whether the knowledge is qualified;
- discarding knowledge that is not qualified;
- organizing the qualified knowledge into a structured format such that relationships of the threats and vulnerabilities are described in a hierarchical manner;
- assigning a rating to each of the threats and vulnerabilities based on a uniform rating system;
- integrating the organized knowledge into a presentation system; and
- presenting the knowledge to users to assess security of web applications.
Dependent claims: 14, 15.
17. A standardized system for assessing security of web based applications comprising:
- a component configured to collect information regarding threats and vulnerabilities to web applications from several different sources including experts in different fields and to collect information into a database;
- a component for organizing the information regarding threats and vulnerabilities to web applications into a uniform language;
- a component for expressing the information in a structured and uniform format of a hierarchical relationship between threats and vulnerabilities which includes threat vulnerability trees;
- a component for rating the threats and vulnerabilities under a uniform rating system;
- a component for integrating the information into both a storage component for storing the information and also a presentation component for presenting the information;
wherein the storage component links the information with other information in the system including other threat vulnerability trees and documents which include further information about threats, vulnerabilities or suggestions for avoiding threats or vulnerabilities, wherein the presentation component presents the information in a graphical format to demonstrate the relationships between the threats and the vulnerabilities.
Dependent claims: 18, 19, 20.
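As an added illustration of what claims 13 and 17 describe (this is not the patent's own implementation and not code from this page), a small Python version of the method: collect knowledge entries, discard the unqualified ones, organise the rest into a threat-vulnerability tree under a uniform rating, link each node to a remediation document, and present the tree. The sample entries, the 0-10 rating scale, the qualification rule and the "most severe child" threat rating are constructed assumptions.

```python
# Added example (not the patent's implementation). The knowledge entries,
# the 0-10 scale and the qualification rule below are constructed assumptions.
from collections import defaultdict

# Constructed sample knowledge: each entry links a vulnerability to the threat
# it enables, with a source and a rating on an assumed uniform 0-10 scale.
KNOWLEDGE = [
    {"threat": "Account takeover", "vuln": "Weak password policy",
     "source": "expert:auth", "rating": 6.5,
     "doc": "Enforce a password policy and MFA"},
    {"threat": "Account takeover", "vuln": "Session token in URL",
     "source": "expert:web", "rating": 8.0,
     "doc": "Carry session tokens in HttpOnly cookies"},
    {"threat": "Data disclosure", "vuln": "SQL injection in search",
     "source": "expert:db", "rating": 9.0,
     "doc": "Use parameterised queries"},
    # Unqualified: no source, so the method discards it.
    {"threat": "Data disclosure", "vuln": "Verbose error pages",
     "source": "", "rating": 4.0, "doc": "Disable debug output"},
    # Unqualified: rating is outside the uniform 0-10 scale.
    {"threat": "Denial of service", "vuln": "Unbounded upload size",
     "source": "expert:infra", "rating": 42, "doc": "Limit request bodies"},
]

def is_qualified(entry):
    """Qualification rule (assumed): a named source and a rating on the 0-10 scale."""
    return bool(entry["source"]) and 0.0 <= entry["rating"] <= 10.0

def build_tree(entries):
    """Organise qualified entries into a threat -> vulnerability tree; each
    node keeps its rating and a link to a remediation document."""
    tree = defaultdict(dict)
    for e in filter(is_qualified, entries):
        tree[e["threat"]][e["vuln"]] = {"rating": e["rating"], "doc": e["doc"]}
    return dict(tree)

def threat_rating(tree, threat):
    """Rate a threat by its most severe child vulnerability (assumed rule)."""
    return max(v["rating"] for v in tree[threat].values())

def render(tree):
    """Present the tree as indented text, most severe threats first."""
    lines = []
    for threat in sorted(tree, key=lambda t: -threat_rating(tree, t)):
        lines.append(f"{threat} [{threat_rating(tree, threat):.1f}]")
        for vuln, node in sorted(tree[threat].items(), key=lambda kv: -kv[1]["rating"]):
            lines.append(f"  - {vuln} [{node['rating']:.1f}] -> {node['doc']}")
    return "\n".join(lines)
```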