Systems and Methods for Security And Risk Assessment And Testing Of Applications

US 20170098086A1
Filed: 10/06/2015
Published: 04/06/2017
Est. Priority Date: 10/06/2015
Status: Active Grant

First Claim

Patent Images

1. An application security system, the system comprising:

an application security server having a processing device in communication with one or more storage systems;

a plurality of computing devices, the computing devices executing a plurality of application instances configured to receive and transmit information over a network; and

a security testing system including a plurality of security test modules, wherein the test modules include a first test module associated with a first application associated with one or more of the application instances; and

wherein the processing device of the application security server;

retrieves information about the first application, the information including current dependency information of the first application,calculates a security risk score for the first application, the security risk score calculated based on the information about the first application,determines a security priority level associated with first application, the security priority level of the first application being based on the security risk score for the first application, andassociates the security priority level of the first application with the first application in a database of application security information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided herein are systems and methods for monitoring and assessing the security and risk presented by applications deployed in a complex computing environment. An exemplary application security system includes a server having a processing device in communication with storage systems, computing devices executing application instances configured to receive and transmit information over a network, and a security testing system including a first test module that is associated with a first application, which is associated with one or more of the application instances. The processing device of the server retrieves information about the first application, including current dependency information of the first application, calculates a security risk score for the first application based on the information, determines a security priority level associated with first application, and associates the security priority level of the first application with the first application in a database of application security information.

137 Citations

20 Claims

1. An application security system, the system comprising:
- an application security server having a processing device in communication with one or more storage systems;
  
  a plurality of computing devices, the computing devices executing a plurality of application instances configured to receive and transmit information over a network; and
  
  a security testing system including a plurality of security test modules, wherein the test modules include a first test module associated with a first application associated with one or more of the application instances; and
  
  wherein the processing device of the application security server;
  
  retrieves information about the first application, the information including current dependency information of the first application,calculates a security risk score for the first application, the security risk score calculated based on the information about the first application,determines a security priority level associated with first application, the security priority level of the first application being based on the security risk score for the first application, andassociates the security priority level of the first application with the first application in a database of application security information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The application security system of claim 1, wherein the application security server communicates with the security testing system to access testing information associated with the first application, the testing information indicating a most recent test time at which the first test module was used to test the first application.
  - 3. The application security system of claim 2, wherein the security risk score for the first application is calculated based on the most recent test time at which the first test module was used to test the first application and a test schedule associated with the first application.
  - 4. The application security system of claim 1, wherein the information about the first application comprises at least one of:
    - a count of deployed instances of the first application;
      
      a tag associated with the first application, the tag indicating the first application contains or has access to sensitive information;
      
      a count of applications with which the first application communicates;
      
      an accessibility of the first application from the Internet; and
      
      the current dependency information of the first application.
  - 5. The application security system of claim 4, wherein the count of deployed instances of the first application is a first real-time count and the count of applications with which the first application communicates is a second real-time count.
  - 6. The application security system of claim 1, further comprising a cloud infrastructure in communication with the application security server over the network, the cloud infrastructure including a plurality of deployed application instances, and wherein the first application communicates with at least one of the deployed application instances.
  - 7. The application security system of claim 6, wherein the cloud infrastructure includes a monitoring service configured to report information about applications deployed to the cloud infrastructure, the deployed application information including counts of deployed application instances and security information associated with the deployed applications.
  - 8. The application security system of claim 1, wherein the application security server includes a map of dependencies between applications based on information received from each application upon initialization of each application.
  - 9. The application security system of claim 1, wherein the processing device of the application security server communicates with the security testing system to change a testing regime associated with the first application.
  - 10. The application security system of claim 9, wherein the testing regime includes one or more test modules to be applied in testing the first application and a schedule directing when the test modules are to be applied to test the first application.

11. An application security system, comprising:
- a processing device in communication with one or more storage devices, the one or more storage devices including instructions stored thereon; and
  
  a network interface enabling the processing device to communicate over a network with one or more other devices, and wherein the processing device executes the instructions to;
  
  receive, over the network, a list of applications deployed in a computing environment;
  
  calculate a security risk score for a first application included in the list of applications;
  
  determine a security priority level associated with first application, the security priority level of the first application being based on the security risk score for the first application; and
  
  transmit a prioritized list of applications deployed in the computing environment to a client device over the network for display to a user of the client device in a user interface.
- View Dependent Claims (12, 13, 14)
- - 12. The application security system of claim 11, wherein the processing device further executes the instructions to request application security information from the one or more other devices, the application security information including at least one of:
    - a count of instances of the first application;
      
      a region in which the application is deployed;
      
      build information associated with the first application;
      
      a list of applications with which the first application is configured to communicate; and
      
      a security tag associated with the first application.
  - 13. The application security system of claim 12, wherein the application security information associated with the first application identifies a port, a protocol, or a domain name system (DSN) name utilized by the first application.
  - 14. The application security system of claim 11, wherein the security priority level associated with the first application indicates that the first application is to undergo a manual testing process by administrative security personnel, and wherein the processing device executes the instructions to send an electronic notification to the administrative security personnel communicating the security priority level associated with the first application.

15. A method comprising:
- receiving, by a processing device of a first computing device and over a network, application security information associated with a first application;
  
  calculating a security risk score for a first application based on the application security information received over the network;
  
  generating a security testing regime recommendation for the first application based on the calculated security risk score; and
  
  transmitting the security testing regime recommendation over the network to a second computing device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein the first application is deployed in a cloud infrastructure and wherein receiving application security information associated with the first application comprises receiving the application security information from a monitoring service operating within the cloud infrastructure.
  - 17. The method of claim 16, wherein the application security information comprises a real-time count of instances of the first application deployed in the cloud infrastructure and a rate of increase in the count of instances of the first application deployed in the cloud infrastructure.
  - 18. The method of claim 16, further comprising identifying a plurality of applications operating within a computing environment that includes an account of the cloud infrastructure.
  - 19. The method of claim 15, wherein transmitting the security testing regime recommendation over the network to the second computing device comprises:
    - transmitting an instruction to a security testing system to apply a first test module when the security testing system performs a security test on the first application.
  - 20. The method of claim 15, wherein the application security information includes a pointer to a source code of the first application in a source code repository and wherein the pointer is included in the security testing regime recommendation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Netflix, Inc.
Original Assignee
Netflix, Inc.
Inventors
Hoernecke, Andy, Chan, Jason

Granted Patent

US 9,767,291 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/3688   for test execution, e.g. sc...

G06F 21/577   Assessing vulnerabilities a...

G06Q 10/0635   Risk analysis of enterprise...

G06Q 10/10   Office automation; Time man...

Systems and Methods for Security And Risk Assessment And Testing Of Applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

137 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and Methods for Security And Risk Assessment And Testing Of Applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

137 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links