METHODS AND SYSTEMS FOR PROVIDING FEEDBACK AND SUGGESTED PROGRAMMING METHODS
First Claim

1. A software security assessment platform, comprising:

- a communications server, which in operation, receives technical characteristics of a target software application and business context information relating to the target software application;
- an analysis engine, which in operation:
  - examines code of the target software application received and identifies specific application security best practices that are applicable to the target software application;
  - identifies locations in the code of the target application where the identified best practices ought to be implemented and determines for each of the locations whether the relevant best practices appear to have been implemented;
  - determines at each of the locations whether the relevant best practices appear to have been implemented correctly and to what extent they have been implemented incompletely or incorrectly; and
  - provides positive feedback to the developer of the target software application for what appears to be their correct implementation of the best practices.
Abstract
The techniques and supporting systems described herein provide a comprehensive and customizable approach to identifying the use of best practices during the design and development of software applications, as well as recommending additional enhancements or courses of action that may be implemented to further improve the application. Target software application code is received, and specific application security best practices applicable to the target software application are identified. Locations in the code where the various best practices ought to be implemented are then identified, and a determination is made for each location whether the relevant best practices are implemented. Finally, positive feedback is provided to the developers for what appears to be their correct implementation of best practices.
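The four steps the abstract describes (receive code, pick applicable practices, locate where each practice ought to appear and judge it, then feed back) can be shown with a small static check. The following is an added example and not code from the patent or its assignee; the two practice names, the pattern matching and the sample source are all constructed for illustration, and a production analysis engine would use a real parser rather than line-level regexes.

```python
import re

# Constructed sample "target application" source; not taken from the patent.
SAMPLE_CODE = """\
import hashlib

def get_user(db, username):
    cur = db.cursor()
    cur.execute("SELECT * FROM users WHERE name = ?", (username,))
    return cur.fetchone()

def find_orders(db, customer):
    cur = db.cursor()
    cur.execute("SELECT * FROM orders WHERE customer = '" + customer + "'")
    return cur.fetchall()

def store_password(db, user_id, password):
    digest = hashlib.sha256(password.encode()).hexdigest()
    db.execute("UPDATE users SET pw = ? WHERE id = ?", (digest, user_id))
"""

# Assumed practice identifiers; the patent names none.
PARAM_QUERIES = "parameterized-queries"
PASSWORD_HASHING = "password-hashing"


def applicable_practices(source):
    """Step 1: pick the best practices that apply to what the code does."""
    practices = []
    if ".execute(" in source:            # the app issues SQL
        practices.append(PARAM_QUERIES)
    if "password" in source:             # the app handles passwords
        practices.append(PASSWORD_HASHING)
    return practices


def assess(source):
    """Steps 2 and 3: locate where each practice ought to appear and judge it.

    Returns (practice, line_number, status) triples, where status is one of
    'implemented', 'incomplete' or 'missing'.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if ".execute(" in line:
            if re.search(r'\+|%\s*\(|\.format\(|f"', line):
                status = "missing"        # query assembled from strings
            elif re.search(r'\?.*"\s*,', line):
                status = "implemented"    # placeholder with bound parameters
            else:
                status = "incomplete"     # static query, nothing bound
            findings.append((PARAM_QUERIES, lineno, status))
        if "password" in line and not line.lstrip().startswith("def "):
            if re.search(r"bcrypt|scrypt|pbkdf2|argon2", line):
                status = "implemented"    # slow, salted password hash
            elif re.search(r"hashlib\.(md5|sha1|sha256|sha512)\(", line):
                status = "incomplete"     # hashed, but fast and unsalted
            else:
                status = "missing"        # password handled in the clear
            findings.append((PASSWORD_HASHING, lineno, status))
    return findings


def feedback(findings):
    """Step 4: positive feedback for correct use, guidance for the rest."""
    messages = []
    for practice, lineno, status in findings:
        if status == "implemented":
            messages.append(f"line {lineno}: {practice} implemented correctly")
        elif status == "incomplete":
            messages.append(f"line {lineno}: {practice} only partially implemented")
        else:
            messages.append(f"line {lineno}: {practice} not implemented")
    return messages


def summarize(findings):
    """Count findings per status so the overall picture is easy to read."""
    counts = {"implemented": 0, "incomplete": 0, "missing": 0}
    for _, _, status in findings:
        counts[status] += 1
    return counts


if __name__ == "__main__":
    found = assess(SAMPLE_CODE)
    print("applicable:", applicable_practices(SAMPLE_CODE))
    for msg in feedback(found):
        print(msg)
    print(summarize(found))
```

Running it on the sample reports the two parameterized queries as correctly implemented, the string-built query as missing the practice, and the SHA-256 password digest as an incomplete implementation, which is the "incompletely or incorrectly" distinction the claims draw.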
34 Claims
1. Independent claim; text as given under First Claim above. Claims 2 to 17 depend from claim 1.
18. A method for software security assessment, comprising:

- receiving technical characteristics of a target software application and business context information relating to the target software application;
- examining code of the target software application received and identifying specific application security best practices that are applicable to the target software application;
- identifying locations in the code of the target application where the identified best practices ought to be implemented and determining for each of the locations whether the relevant best practices appear to have been implemented;
- determining at each of the locations whether the relevant best practices appear to have been implemented correctly and to what extent they have been implemented incompletely or incorrectly; and
- providing positive feedback to the developer of the target software application for what appears to be their correct implementation of the best practices.

Claims 19 to 34 depend from claim 18.