SECURITY TESTING FOR SOFTWARE APPLICATIONS
First Claim
1. A system including instructions recorded on a non-transitory computer-readable medium, and executable by at least one processor, the system comprising:
- a mapping engine configured to cause the at least one processor to determine an attack model enumerating software attacks, the software attacks being represented by linked attack components, determine a software architecture to be tested, the software architecture being represented by linked architectural components in an architecture diagram, and associate each attack component and each architectural component with at least one attack tag characterizing attack requirements; and
- a global test plan generator configured to cause the at least one processor to determine an attack test model, including associating attack components with corresponding architectural components, based on associated attack tags, and further configured to cause the at least one processor to generate attack test workflows from the attack test model, to thereby test the software architecture.
Abstract
A mapping engine may be used to determine an attack model enumerating software attacks, the software attacks being represented by linked attack components, and may be used to determine a software architecture to be tested, the software architecture being represented by linked architectural components in an architecture diagram. The mapping engine may then associate each attack component and each architectural component with at least one attack tag characterizing attack requirements. A global test plan generator may be used to determine an attack test model, including associating attack components with corresponding architectural components, based on associated attack tags, and may thus generate attack test workflows from the attack test model, to thereby test the software architecture.
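The tag-based association described in the abstract can be sketched as follows. This is an added illustration, not code from the patent: the component names, tag names, the sample graphs, and the rule that a match requires every tag of an attack component to be present on the architectural component are all assumptions.

```python
# Added illustration, not the patent's implementation. Component names, tags and
# the subset matching rule are assumptions; both graphs are assumed acyclic.
from itertools import product

# Attack model: linked attack components, each tagged with its requirements.
ATTACK_TAGS = {
    "inject_input": {"user-input"},
    "reach_query": {"sql"},
    "read_secret": {"credential-store"},
}
ATTACK_LINKS = {"inject_input": ["reach_query"], "reach_query": [], "read_secret": []}

# Architecture diagram: linked architectural components and the tags they carry.
ARCH_TAGS = {
    "web_form": {"user-input", "http"},
    "api_gateway": {"user-input", "http"},
    "orders_db": {"sql", "credential-store"},
    "cache": {"key-value"},
}
ARCH_LINKS = {"web_form": ["orders_db"], "api_gateway": ["cache"], "orders_db": [], "cache": []}

def build_attack_test_model(attack_tags, arch_tags):
    """Map each attack component to the architectural components whose tags satisfy it."""
    return {
        attack: sorted(a for a, tags in arch_tags.items() if required <= tags)
        for attack, required in attack_tags.items()
    }

def attack_paths(links):
    """Enumerate root-to-leaf chains of linked attack components."""
    targets = {t for nexts in links.values() for t in nexts}
    def walk(node):
        if not links[node]:
            return [[node]]
        return [[node] + rest for nxt in links[node] for rest in walk(nxt)]
    return [p for root in links if root not in targets for p in walk(root)]

def generate_workflows(model, attack_links, arch_links):
    """One workflow per attack chain whose steps land on connected architectural components."""
    workflows = []
    for path in attack_paths(attack_links):
        for combo in product(*(model[step] for step in path)):
            if all(b in arch_links[a] for a, b in zip(combo, combo[1:])):
                workflows.append(list(zip(path, combo)))
    return workflows

if __name__ == "__main__":
    for wf in generate_workflows(build_attack_test_model(ATTACK_TAGS, ARCH_TAGS), ATTACK_LINKS, ARCH_LINKS):
        print(wf)
```

The `api_gateway` candidate is dropped for the two-step chain because the sample diagram has no link from it to `orders_db`, so only test workflows that the architecture can actually carry are planned.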
20 Claims
1. A system including instructions recorded on a non-transitory computer-readable medium, and executable by at least one processor, the system comprising:
- a mapping engine configured to cause the at least one processor to determine an attack model enumerating software attacks, the software attacks being represented by linked attack components, determine a software architecture to be tested, the software architecture being represented by linked architectural components in an architecture diagram, and associate each attack component and each architectural component with at least one attack tag characterizing attack requirements; and
- a global test plan generator configured to cause the at least one processor to determine an attack test model, including associating attack components with corresponding architectural components, based on associated attack tags, and further configured to cause the at least one processor to generate attack test workflows from the attack test model, to thereby test the software architecture.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer-implemented method for executing instructions stored on a computer readable storage medium, the method comprising:
- determining an attack model enumerating software attacks, the software attacks being represented by linked attack components;
- determining a software architecture to be tested, the software architecture being represented by linked architectural components in an architecture diagram;
- associating each attack component and each architectural component with at least one attack tag characterizing attack requirements;
- determining an attack test model, including associating attack components with corresponding architectural components, based on associated attack tags; and
- generating attack test workflows from the attack test model, to thereby test the software architecture.

Dependent claims: 11, 12, 13, 14
15. A computer program product, the computer program product being tangibly embodied on a non-transitory computer-readable storage medium and comprising instructions that, when executed, are configured to:
- determine an attack model enumerating software attacks, the software attacks being represented by linked attack components;
- determine a software architecture to be tested, the software architecture being represented by linked architectural components in an architecture diagram;
- associate each attack component and each architectural component with at least one attack tag characterizing attack requirements;
- determine an attack test model, including associating attack components with corresponding architectural components, based on associated attack tags; and
- generate attack test workflows from the attack test model, to thereby test the software architecture.

Dependent claims: 16, 17, 18, 19, 20
Specification