APPARATUSES, METHODS AND SYSTEMS OF AN APPLICATION SECURITY MANAGEMENT PLATFORM

US 20110154498A1
Filed: 12/18/2009
Published: 06/23/2011
Est. Priority Date: 12/18/2009
Status: Active Grant

First Claim

Patent Images

1. A processor-enabled method, comprising:

obtaining application security data from a plurality of data sources;

associating the obtained data with at least one application;

generating via a processor a risk factor matrix for the at least one application based on the obtained data; and

evaluating the at least one application based on the generated risk factor matrix.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure details the implementation of apparatuses, methods and systems of an application security management platform (hereinafter, “ASMP”). ASMP systems may, in one embodiment, implement a live platform on a computerized system, whereby the platform may receive security data associated with a running application from multiple security tacking systems, evaluate the security performance of the application, generate an application security summary report for review and manage review processes for security professionals.

110 Citations

20 Claims

1. A processor-enabled method, comprising:
- obtaining application security data from a plurality of data sources;
  
  associating the obtained data with at least one application;
  
  generating via a processor a risk factor matrix for the at least one application based on the obtained data; and
  
  evaluating the at least one application based on the generated risk factor matrix.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the plurality of data sources comprise an asset security tracking system.
  - 3. The method of claim 1, wherein the application security data comprises application information, application security information and application trustee information.
  - 4. The method of claim 1, wherein obtaining application security data from a plurality of data sources comprises:
    - sending an access request to the plurality of data sources;
      
      if at least one of the plurality of data sources is available, receiving application security data from the at least one of the plurality of data sources, and updating a local cached copy of application security data in a database; and
      
      for those of the plurality of data sources that are not available to respond to the access request, retrieving the local cached copy of application security data corresponding to unavailable data sources from the database.
  - 5. The method of claim 4 further comprising periodically synchronizing the local cached copy of application security data in the database with the plurality of data sources, wherein the period may be predefined by a user.
  - 6. The method of claim 1, wherein associating the obtained data with at least one application further comprises automatic cross-check of overlapped data from different data sources via a processor.
  - 7. The method of claim 6, wherein the cross-check comprises:
    - retrieving at least one agreement rule from a database;
      
      applying the at least one agreement rule to the overlapped data from different data sources; and
      
      determining values of the overlapped data based on one of the different data sources.
  - 8. The method of claim 7, wherein the at least one agreement rule is predefined.
  - 9. The method of claim 1, wherein generating a risk factor matrix for the at least one application based on the obtained data comprises:
    - retrieving a risk factor intake form associated with the at least one application from a database, the risk factor intake form comprising a plurality of risk factor questions;
      
      displaying the plurality of risk factor questions via a user interface to at least one user;
      
      receiving an answer to each of the plurality of risk factor questions from the at least one user;
      
      converting the received answer associated with each of the plurality of risk factor questions to a numerical score; and
      
      generating an entry of the risk factor matrix based on the risk factor question and the associated numerical score.
  - 10. The method of claim 9 further comprising generating a risk factor intake form for the at least one application if there does not exist a stored risk factor intake form associated with the at least one application.
  - 11. The method of claim 10, wherein generating a risk factor intake form comprises:
    - assessing a plurality of components of the at least one application;
      
      determining a plurality of security evaluation criteria associated with the at least one application based on the assessment;
      
      determining a weighing factor associated with each security evaluation criterion;
      
      generating a risk factor intake form containing a plurality of risk factor questions based on the determined plurality of security evaluation criteria; and
      
      associating the generated risk factor intake form with a type of the at least one application.
  - 12. The method of claim 10 further comprising:
    - receiving assessment data of the at least one application via a user interface from a user; and
      
      receiving a plurality of security evaluation criteria associated with the at least one application via a user interface from a user.

13. An apparatus, comprising:
- a processor;
  
  a memory in communication with the processor and containing program instructions;
  
  an input device and an output device both in communication with the processor and memory, said output device providing a user interface;
  
  wherein the processor executes program instructions contained in the memory and the program instructions comprise;
  
  obtaining application security data from a plurality of data sources;
  
  associating the obtained data with at least one application program;
  
  generating a risk factor matrix for the application based on the obtained data;
  
  evaluating the application program based on the generated risk factor matrix; and
  
  outputting an application security report.

14. The apparatus of 13, wherein evaluating the at least one application based on the generated risk factor matrix comprises:
- generating a general risk score for the at least one application based on the risk factor matrix;
  
  determining a risk level associated with the at least one application based on the general risk score; and
  
  if the determined risk level is high, retrieving an action review form from a database,generating a second score of the at least one application based on the action review form,if the second score of the at least one application is lower than an action review threshold, labeling the at least one application as certified.
- View Dependent Claims (15, 16)
- - 15. The apparatus of claim 14, wherein the action review form is generated in association with a risk factor intake form.
  - 16. The apparatus of claim 14, wherein the action review threshold is predefined.

17. A processor readable medium, comprising:
- processor readable instructions stored in the processor readable medium, wherein the processor readable instructions are issuable by a processor to;
  
  obtain application security data from a plurality of data sources;
  
  associate the obtained data with at least one application;
  
  generate a risk factor matrix for the at least one application based on the obtained data; and
  
  evaluate the at least one application based on the generated risk factor matrix.
- View Dependent Claims (18, 19, 20)
- - 18. The medium of claim 17, wherein the processor readable instructions further comprises:
    - generating at least one review report of the at least one application based on the risk factor matrix and the evaluation.
  - 19. The medium of claim 17, wherein the processor readable instructions further comprises:
    - analyzing a risk score trend of an application; and
      
      displaying the analysis to a user.
  - 20. The medium of claim 17, wherein the processor readable instructions further comprises:
    - maintaining a work queue of review tasks for a user; and
      
      displaying a list of review tasks in the work queue in a sequential order via a user interface to the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Hurst, Scott Allen, Fissel, Michael Scott, Grantges, David R.

Granted Patent

US 8,495,746 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

H04L 63/1433 Vulnerability analysis

H04L 63/20 for managing network securi...

APPARATUSES, METHODS AND SYSTEMS OF AN APPLICATION SECURITY MANAGEMENT PLATFORM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

110 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

APPARATUSES, METHODS AND SYSTEMS OF AN APPLICATION SECURITY MANAGEMENT PLATFORM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

110 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links