Method and System for Generating an Enforceable Security Policy Based on Application Sitemap
Abstract
A system for generating a security policy for protecting an application-layer entity. The system comprises a security sitemap generator for generating a security sitemap of a protected application-layer entity, the security sitemap is stored in a first repository connected to the security sitemap generator; and a policy builder for generating a security policy for the application-layer entity based on the security sitemap, the security policy is stored in a second repository connected to the policy builder, wherein the security policy includes a plurality of enforcement rules for at least one of a resource, a group of resources, and a client-side input parameter of at least a portion of the protected application-layer entity.
38 Claims
1. A system for generating a security policy for protecting an application-layer entity, comprising:
- a security sitemap generator for generating a security sitemap of a protected application-layer entity, the security sitemap is stored in a first repository connected to the security sitemap generator; and
- a policy builder for generating a security policy for the application-layer entity based on the security sitemap, the security policy is stored in a second repository connected to the policy builder, wherein the security policy includes a plurality of enforcement rules for at least one of a resource, a group of resources, and a client-side input parameter of at least a portion of the protected application-layer entity.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A method for generating a security policy for protecting an application-layer entity, comprising:
- generating a security sitemap of a protected application-layer entity;
- storing the security sitemap in a first repository;
- generating a security policy for the application-layer entity based on the security sitemap, the security policy includes, in part, a plurality of enforcement rules for at least one of a resource, a group of resources, and a client-side input parameter of at least a portion of the protected application-layer entity; and
- providing the security policy to an application layer security system for enforcement of the security policy.

Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 37
32. A system for generating a security sitemap of an application-layer entity comprising:
- a crawler for generating and sending requests to a server executing the application-layer entity, the crawler further processes responses received from the server to generate subsequent requests responsive of the received responses;
- an analyzer for processing the requests to produce the security sitemap; and
- a first repository for storing the security sitemap.

Dependent claims: 33, 34, 35, 36
38. A system for generating a security sitemap of an application-layer entity comprising:
- a file system crawler installed in a server executing the application-layer entity, wherein the file system crawler parses file system files and provides at least one of a list of resources, client-side input parameters, and allowable client-side input parameters' values of the application-layer entity;
- a parser for parsing the list of resources provided by the file system crawler;
- an analyzer for processing the parsed information for producing the security sitemap; and
- a first repository for storing the security sitemap.
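The flow recited in claims 19 and 32 (crawled requests, an analyzer that produces a sitemap, a policy builder that derives per-resource and per-parameter enforcement rules) can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the crawl data is constructed, and the function names, the rule format and the integer/enum inference heuristic are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl
# Constructed crawl output: (method, URL) pairs a crawler might have requested.
CRAWLED = [
    ("GET", "/catalog/list?category=books&page=1"),
    ("GET", "/catalog/list?category=music&page=2"),
    ("GET", "/catalog/item?id=1041"),
    ("POST", "/account/login?lang=en"),
]

def build_sitemap(requests):
    """Analyzer: record, per resource, the methods and parameter values seen."""
    sitemap = defaultdict(lambda: {"methods": set(), "params": defaultdict(set)})
    for method, url in requests:
        parts = urlsplit(url)
        sitemap[parts.path]["methods"].add(method)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            sitemap[parts.path]["params"][name].add(value)
    return sitemap

def infer_rule(values):
    """Assumed heuristic: all-numeric samples give a bounded integer rule, else an enum."""
    if all(v.isascii() and v.isdigit() for v in values):
        return {"type": "int", "max_len": max(map(len, values)) + 2}
    return {"type": "enum", "allowed": sorted(values)}

def build_policy(sitemap):
    """Policy builder: one enforcement rule set per resource and per parameter."""
    return {path: {"methods": sorted(node["methods"]),
                   "params": {n: infer_rule(v) for n, v in node["params"].items()}}
            for path, node in sitemap.items()}

def enforce(policy, method, url):
    """Return (allowed, reason); anything absent from the sitemap is denied."""
    parts = urlsplit(url)
    rule = policy.get(parts.path)
    if rule is None:
        return (False, "unknown resource")
    if method not in rule["methods"]:
        return (False, "method not allowed")
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        prule = rule["params"].get(name)
        if prule is None:
            return (False, f"unknown parameter {name}")
        ok = (value.isascii() and value.isdigit() and len(value) <= prule["max_len"]
              if prule["type"] == "int" else value in prule["allowed"])
        if not ok:
            return (False, f"bad value for {name}")
    return (True, "ok")
POLICY = build_policy(build_sitemap(CRAWLED))
```

Because the policy is derived only from what the crawl observed, incomplete crawl coverage shows up as denials of legitimate requests, so a policy built this way is normally reviewed before it is enforced in blocking mode.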
Specification