Apparatuses, methods and systems of an application security management platform
1 Assignment
0 Petitions
Abstract
This disclosure details the implementation of apparatuses, methods and systems of an application security management platform (hereinafter, “ASMP”). ASMP systems may, in one embodiment, implement a live platform on a computerized system, whereby the platform may receive security data associated with a running application from multiple security tracking systems, evaluate the security performance of the application, generate an application security summary report for review and manage review processes for security professionals.
107 Citations
21 Claims
1. A processor-enabled method, comprising:
- obtaining application security data from a plurality of data sources;
- identifying at least one intake question form based on the at least one application;
- associating the obtained data with at least one application;
- generating via a processor a risk factor matrix for the at least one application based on the obtained data and the at least one intake question form, wherein the at least one intake question form is a risk factor intake form and the generating comprises;
  - retrieving the risk factor intake form from a database, the risk factor intake form comprising a plurality of risk factor questions,
  - obtaining an answer, based on the obtained data, associated with each of the plurality of risk factor questions,
  - converting the answer associated with each of the plurality of risk factor questions to a numerical score, and
  - generating an entry of the risk factor matrix based on the risk factor question and the associated numerical score; and
- evaluating the at least one application based on the generated risk factor matrix.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. An apparatus, comprising:
- a processor;
- a memory in communication with the processor and containing program instructions;
- an input device and an output device both in communication with the processor and memory, said output device providing a user interface;
- wherein the processor executes program instructions contained in the memory and the program instructions cause the processor to;
  - obtain application security data from a plurality of data sources;
  - associate the obtained data with at least one application program;
  - identify at least one intake question form based on the at least one application program;
  - generate a risk factor matrix for the at least one application based on the obtained data and the at least one intake question form by;
    - retrieving the risk factor intake form from a database, the risk factor intake form comprising a plurality of risk factor questions,
    - obtaining an answer, based on the obtained data, associated with each of the plurality of risk factor questions,
    - converting the answer associated with each of the plurality of risk factor questions to a numerical score, and
    - generating an entry of the risk factor matrix based on the risk factor question and the associated numerical score;
  - evaluate the application program based on the generated risk factor matrix; and
  - output an application security report.
15. The apparatus of 14, wherein evaluating the at least one application based on the generated risk factor matrix comprises:
- generating a general risk score for the at least one application based on the risk factor matrix;
- determining a risk level associated with the at least one application based on the general risk score; and
- if the determined risk level is high,
  - retrieving an action review form from a database,
  - generating a second score of the at least one application based on the action review form,
  - if the second score of the at least one application is lower than an action review threshold, labeling the at least one application as certified.
Dependent claims: 16, 17
18. A non-transitory processor readable medium, comprising:
- processor readable instructions stored in the processor readable medium, wherein the processor readable instructions are executable by a processor to;
  - obtain application security data from a plurality of data sources;
  - associate the obtained data with at least one application program;
  - identify at least one intake question form based on the at least one application program;
  - generate a risk factor matrix for the application based on the obtained data and the at least one intake question form by;
    - retrieving the risk factor intake form from a database, the risk factor intake form comprising a plurality of risk factor questions,
    - obtaining an answer, based on the obtained data, associated with each of the plurality of risk factor questions,
    - converting the answer associated with each of the plurality of risk factor questions to a numerical score, and
    - generating an entry of the risk factor matrix based on the risk factor question and the associated numerical score; and
  - evaluate the application program based on the generated risk factor matrix.
Dependent claims: 19, 20, 21
Specification