System and Method for Managing Security Testing
Abstract
The subject matter relates generally to a system and method for managing security testing. Particularly, this invention relates to maintaining a security database by correlating multiple sources of vulnerability data and also to managing security testing from plural vendors. This invention also relates to providing secure session tracking by performing plural authentications of a user.
50 Claims
1. A method for managing computer security testing using data from plural sources, comprising the steps of:
(a) providing a database of computer security information, said database adapted to receive sets of data from plural computer security data sources;
(b) providing a computer-readable medium containing software for;
    (1) receiving a first set of data from a first one of said plural sources, said first set of data containing information from at least one of a security task performed by said first source and a report of results from performing said security task by said first source;
    (2) receiving a second set of data from a second one of said plural sources, said second set of data containing information from at least one of a security task performed by said second source and a report of results from performing said security task by said second source;
    (3) preventing access, by a one of said plural sources, of data received in said security database from another of said plural sources;
(c) initiating a computer security test on a technology platform;
(d) receiving said first and second set of data;
(e) displaying information on a display device wherein said information is derived in part from at least one of said first and second sets of data; and
(f) managing the security vulnerability of the technology platform as a function of said information.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25

26. An apparatus for managing computer security testing using data from plural sources, comprising:
a database of computer security information, said database adapted to receive sets of data from plural computer security data sources;
a processor programmed with instructions for;
    (1) receiving a first set of data from a first one of said plural sources, said first set of data containing information from at least one of a security task performed by said first source and a report of results from performing said security task by said first source;
    (2) receiving a second set of data from a second one of said plural sources, said second set of data containing information from at least one of a security task performed by said second source and a report of results from performing said security task by said second source;
    (3) preventing access, by a one of said plural sources, of data received in said security database from another of said plural sources;
    (4) initiating a computer security test on a technology platform upon receipt of a command from a user;
    (5) receiving said first and second set of data;
    (6) providing information that is derived in part from at least one of said first and second sets of data;
a display device for displaying said information; and
means for managing the security vulnerability of the technology platform as a function of said information.
Dependent claims: 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50
Specification