PERFORMING SECURITY ANALYSIS ON A SOFTWARE APPLICATION

US 20120042384A1
Filed: 08/10/2010
Published: 02/16/2012
Est. Priority Date: 08/10/2010
Status: Active Grant

First Claim

Patent Images

1. A method for performing security analysis on a software application, the method comprising:

receiving application architecture information for a software application;

determining an application type based on the application architecture information;

performing one or more security tests on the software application based on the application type and the application architecture information; and

approving the software application to be available in an online marketplace if the software application passes the one or more security tests.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for performing security analysis on a software application. In one embodiment, a method includes receiving application architecture information for a software application; and determining an application type based on the application architecture information. The method also includes performing one or more security tests on the software application based on the application type and the application architecture information; and approving the software application to be available in an online marketplace if the software application passes the one or more security tests.

60 Citations

View as Search Results

20 Claims

1. A method for performing security analysis on a software application, the method comprising:
- receiving application architecture information for a software application;
  
  determining an application type based on the application architecture information;
  
  performing one or more security tests on the software application based on the application type and the application architecture information; and
  
  approving the software application to be available in an online marketplace if the software application passes the one or more security tests.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein a first application type is a composite application, and wherein a second application type is a native application.
  - 3. The method of claim 1, further comprising generating a risk score based on the application architecture information.
  - 4. The method of claim 1, further comprising generating a risk score if the application type is a composite application, wherein the risk score is based on the application architecture information.
  - 5. The method of claim 1, further comprising providing results to a user if the software application fails the one or more security tests.
  - 6. The method of claim 1, further comprising providing results to a user if the software application fails the one or more security tests, wherein the software application fails the one or more security tests if the one or more security tests identifies one or more security vulnerabilities.
  - 7. The method of claim 1, further comprising:
    - providing results to a user if the software application fails the one or more security tests, wherein the software application fails the one or more security tests if the one or more security tests identifies one or more security vulnerabilities; and
      
      requiring the user to address the security vulnerability issues within a predefined time period.

8. A computer-readable storage medium having one or more instructions thereon for performing security analysis on a software application, the instructions when executed by a processor causing the processor to:
- receive application architecture information for a software application;
  
  determine an application type based on the application architecture information;
  
  perform one or more security tests on the software application based on the application type and the application architecture information; and
  
  approve the software application to be available in an online marketplace if the software application passes the one or more security tests.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-readable storage medium of claim 8, wherein a first application type is a composite application, and wherein a second application type is a native application.
  - 10. The computer-readable storage medium of claim 8, wherein the instructions further cause the processor to generate a risk score based on the application architecture information.
  - 11. The computer-readable storage medium of claim 8, wherein the instructions further cause the processor to generate a risk score if the application type is a composite application, and wherein the risk score is based on the application architecture information.
  - 12. The computer-readable storage medium of claim 8, wherein the instructions further cause the processor to provide results to a user if the software application fails the one or more security tests.
  - 13. The computer-readable storage medium of claim 8, wherein the instructions further cause the processor to provide results to a user if the software application fails the one or more security tests, and wherein the software application fails the one or more security tests if the one or more security tests identifies one or more security vulnerabilities.
  - 14. The computer-readable storage medium of claim 8, wherein the instructions further cause the processor to:
    - provide results to a user if the software application fails the one or more security tests, wherein the software application fails the one or more security tests if the one or more security tests identifies one or more security vulnerabilities; and
      
      require the user to address the security vulnerability issues within a predefined time period.

15. An apparatus for performing security analysis on a software application, the apparatus comprising:
- a processor; and
  
  a storage device storing one or more stored sequences of instructions which when executed by the processor cause the processor to;
  
  receive application architecture information for a software application;
  
  determine an application type based on the application architecture information;
  
  perform one or more security tests on the software application based on the application type and the application architecture information; and
  
  approve the software application to be available in an online marketplace if the software application passes the one or more security tests.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The apparatus of claim 15, wherein a first application type is a composite application, and wherein a second application type is a native application.
  - 17. The apparatus of claim 15, wherein the instructions further cause the processor to generate a risk score based on the application architecture information.
  - 18. The apparatus of claim 15, wherein the instructions further cause the processor to generate a risk score if the application type is a composite application, and wherein the risk score is based on the application architecture information.
  - 19. The apparatus of claim 15, wherein the instructions further cause the processor to provide results to a user if the software application fails the one or more security tests.
  - 20. The apparatus of claim 15, wherein the instructions further cause the processor to provide results to a user if the software application fails the one or more security tests, and wherein the software application fails the one or more security tests if the one or more security tests identifies one or more security vulnerabilities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Greene, Collin, Fly, Robert, Badhwar, Varun

Granted Patent

US 8,701,198 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/128 involving web programs, i.e...

G06F 2221/033 Test or assess software

PERFORMING SECURITY ANALYSIS ON A SOFTWARE APPLICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

60 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PERFORMING SECURITY ANALYSIS ON A SOFTWARE APPLICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links