METHOD AND DEVICE FOR EVALUATING SECURITY ASSESSMENT OF AN APPLICATION

US 20160373480A1
Filed: 07/31/2015
Published: 12/22/2016
Est. Priority Date: 06/18/2015
Status: Active Grant

First Claim

Patent Images

1. A method for evaluating security assessment of an application, comprising:

receiving, by a security assessment computing device, application entry data associated with a plurality of entry points of the application;

identifying, by the security assessment computing device, at least one security threat entry point based on the application entry data;

computing, by the security assessment computing device, a coverage index value based on the application entry data and the at least one security threat entry point; and

generating, by the security assessment computing device, a recommendation report indicating security coverage of the application based on the coverage index value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present disclosure disclose a method and a device for evaluating security assessment of an application. The method comprises receiving application entry data associated with a plurality of entry points of the application. Also, the method comprises identifying at least one security threat entry point based on the application entry data. Further, the method comprises computing a coverage index value based on the application entry data and the at least one security threat entry point and generating a recommendation report indicating security coverage of the application based on the coverage index value.

26 Citations

View as Search Results

20 Claims

1. A method for evaluating security assessment of an application, comprising:
- receiving, by a security assessment computing device, application entry data associated with a plurality of entry points of the application;
  
  identifying, by the security assessment computing device, at least one security threat entry point based on the application entry data;
  
  computing, by the security assessment computing device, a coverage index value based on the application entry data and the at least one security threat entry point; and
  
  generating, by the security assessment computing device, a recommendation report indicating security coverage of the application based on the coverage index value.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as claimed in claim 1 wherein the application entry data comprises at least one of data associated with one or more technologies used for building the application, architecture data of the application, and data pertaining to interface of the application received, through a graphical user interface of the security assessment computing device, from a user of the application.
  - 3. The method as claimed in claim 1, wherein receiving the application entry data further comprises receiving results of at least one of a static application security testing (SAST), a dynamic application security testing (DAST), a functionality test cases testing, and a web services testing.
  - 4. The method as claimed in claim 1, wherein the plurality of entry points is at least one of a build web interface, a database and one or more web services.
  - 5. The method as claimed in claim 1, wherein identifying the at least one security threat entry points comprising:
    - analyzing the application entry data based on results of at least one of a static application security testing (SAST), a dynamic application security testing (DAST), a functionality test cases testing, and a web services testing to obtain security information; and
      
      identifying the at least one security threat entry point based on the security information, wherein entry points, from amongst the plurality of entry points, which are to be tested are the security threat entry points.
  - 6. The method as claimed in claim 1, wherein the coverage index value is computed by performing arithmetic division of a number of the at least one security threat points by a number of the entry points.
  - 7. The method as claimed in claim 1, wherein the recommendation report comprises, application entry data associated with a plurality of entry points of the application, the coverage index value one or more security threat entry points to be secured.

8. A security assessment computing device for evaluating security assessment of an application, comprising:
- a processor; and
  
  a memory communicatively coupled to the processor, wherein the memory stores processor-executable instructions, which, on execution, causes the processor to;
  
  receive application entry data associated with a plurality of entry points of the application;
  
  identify at least one security threat entry point based on the application entry data;
  
  compute a coverage index value based on the application entry data and the at least one security threat entry point; and
  
  generate a recommendation report indicating security coverage of the application based on the coverage index value.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The device as claimed in claim 8, wherein the application entry data comprises at least one of data associated with one or more technologies used for building the application, architecture data of the application, and data pertaining to interface of the application received, through a graphical user interface of the security assessment computing device, from a user of the application.
  - 10. The device as claimed in claim 8, wherein the processor is further configured to receiving the application entry data further comprises receiving results of at least, one of a static application security testing (SAST), a dynamic application security testing (DAST) and a web services testing.
  - 11. The device as claimed in claim 8, wherein the plurality of entry points is at least one of a build web interface, a database and one or more web services.
  - 12. The device as claimed in claim 8, wherein the processor is further configured to identifying the at least one security threat entry points comprising:
    - analyzing the application entry data based on results of at least one of a static application security testing (SAST), a dynamic application security testing (DAST), a functionality test cases testing, and a web services testing to obtain security information; and
      
      identifying the at least one security threat entry point based on the security information, wherein entry points, from amongst the plurality of entry points, which are to be tested are the security threat entry points.
  - 13. The device as claimed in claim 8, wherein the processor is configured to compute the coverage index value by performing arithmetic division of the at least one security threat points by a number of the entry points.
  - 14. The device as claimed in claim 8, wherein the recommendation report comprises application entry data associated with a plurality of entry points of the application, the coverage index value one or more security threat entry points to be secured.
  - 15. The device as claimed in claim 8, wherein the processor is further configured to generate, a security assessment report based on at least one of the data associated with entry points of the application, the coverage index value and the recommendation.

16. A non-transitory computer readable medium including instructions stored thereon that when processed by at least one processor cause a system to perform operations comprising:
- receive application entry data associated with a plurality of entry points of the application;
  
  identify at least one security threat entry point based on the application entry data;
  
  compute a coverage index value based on the application entry data and the at least one security threat entry point; and
  
  generate a recommendation report indicating security coverage of the application based on the coverage index value.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The medium as claimed in claim 16, wherein the instructions further cause the at least one processor to perform receiving the application entry data further comprises receiving results of at least one of a static application security testing (SAST), a dynamic application security testing (DAST) and a web services testing.
  - 18. The medium as claimed in claim 16, wherein the instructions further cause the at least one processor to perform identifying the at least one security threat entry points comprising:
    - analyzing the application entry data based on results of at least one of a static application security testing (SAST), a dynamic application security testing (DAST), a functionality test cases testing, and a web services testing to obtain security information; and
      
      identifying the at least one security threat entry point based on the security information, wherein entry points, from amongst the plurality of entry points, which are to be tested are the security threat entry points.
  - 19. The medium as claimed in claim 16, wherein the instructions further cause the at least one processor to perform computing the coverage index value by performing, arithmetic division of a number of the at least one security threat points by a number of the entry points.
  - 20. The medium as claimed in claim 16, wherein the instructions further cause the at least one processor to perform generating the recommendation report comprising application entry data associated with a plurality of entry points of the application, the coverage index value one or more security threat entry points to be secured.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wipro Limited
Original Assignee
Wipro Limited
Inventors
SRIDHAR, Kavitha

Granted Patent

US 9,781,146 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

METHOD AND DEVICE FOR EVALUATING SECURITY ASSESSMENT OF AN APPLICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND DEVICE FOR EVALUATING SECURITY ASSESSMENT OF AN APPLICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links