ASSESSMENT AND ANALYSIS OF SOFTWARE SECURITY FLAWS
First Claim
1. A method for assessing vulnerabilities of software applications, the method comprising:
providing a plurality of software assessment testing engines, each configured to perform vulnerability tests on a software application; and
at a central server, receiving one or more components of the software application;
determining technical characteristics of the software application;
determining business context information relating to the software application;
determining a preferred assurance level for the software application based at least in part on the technical characteristics and business context information;
defining a vulnerability test plan for the software application based on the preferred assurance level, wherein the vulnerability test plan comprises one or more of the vulnerability tests; and
performing the vulnerability test plan.
Abstract
Security assessment and vulnerability testing of software applications is performed based at least in part on application metadata in order to determine an appropriate assurance level and associated test plan that includes multiple types of analysis. Steps from each test are combined into a “custom” or “application-specific” workflow, and the results of each test may then be correlated with other results to identify potential vulnerabilities and/or faults.
92 Citations
25 Claims
1. A method for assessing vulnerabilities of software applications, the method comprising:
providing a plurality of software assessment testing engines, each configured to perform vulnerability tests on a software application; and
at a central server, receiving one or more components of the software application;
determining technical characteristics of the software application;
determining business context information relating to the software application;
determining a preferred assurance level for the software application based at least in part on the technical characteristics and business context information;
defining a vulnerability test plan for the software application based on the preferred assurance level, wherein the vulnerability test plan comprises one or more of the vulnerability tests; and
performing the vulnerability test plan.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17.
18. A security assessment platform for assessing vulnerabilities of software applications, the platform comprising:
a communications server for receiving (i) one or more components of a software application from a remote site, (ii) technical characteristics of the software application, and (iii) business context information relating to the software application;
at least one testing engine for performing a plurality of vulnerability tests; and
a testing workflow module for:
defining an assurance level for the application based at least in part on the technical characteristics and business context information;
defining a vulnerability test plan for the application based on the assurance level, the vulnerability test plan; and
performing the vulnerability test plan, thereby producing assessment test results.
Dependent claims: 19, 20, 21, 22, 23, 24, 25.
Specification