Method and apparatus for security assessment of a computing platform

US 8,650,651 B2
Filed: 02/08/2008
Issued: 02/11/2014
Est. Priority Date: 02/08/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A system for detecting security vulnerabilities in a computing platform, the computing platform comprising one or more front end components which provide services to other applications or users, and one or more back end components which supply required information to the one or more front end components to fulfill the services, the system comprising:

one or more first monitoring modules communicatively linked to the one or more front end components, and operatively configured to monitor the one or more front end components while communicating data with the one or more front end components;

one or more second monitoring modules communicatively linked to the one or more back end components, and operatively configured to monitor the one or more back end components while the one or more back end components supply required information to the one or more front end components;

wherein the one or more first monitoring modules is further operatively configured to communicate data of a testing type with the one or more front end components via a communication protocol and monitors activities of the one or more front end components via a protocol other than the communication protocol while communicating the data with the one or more front end components, while the one or more second monitoring modules monitor activities of the one or more back end components responsive to communicating the data;

wherein information extracted that is associated with the activities of the one or more front end components is combinable with information extracted that is associated with the activities of the one or more back end components to contribute to identification of one or more security vulnerabilities within the computing platform;

wherein at least one of the one or more first monitoring modules and the one or more second monitoring modules further operatively configured to combine and store all of the information extracted that is associated with the activities of the one or more front end components and all of the information extracted that is associated with the activities of the one or more back end components in an activity log; and

at least one of the one or more first monitoring modules and the one or more second monitoring modules further operatively configured to change the testing type to suit the activities of at least one of the one or more front end components and the activities of the one or more back end components based on the combined information stored in the activity log.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for automated security testing are disclosed. The disclosure provides for automated discovery of security vulnerabilities through the monitoring of activities that occur throughout the separate components of a computing platform during a testing session through a communications interface.

38 Citations

View as Search Results

25 Claims

1. A system for detecting security vulnerabilities in a computing platform, the computing platform comprising one or more front end components which provide services to other applications or users, and one or more back end components which supply required information to the one or more front end components to fulfill the services, the system comprising:
- one or more first monitoring modules communicatively linked to the one or more front end components, and operatively configured to monitor the one or more front end components while communicating data with the one or more front end components;
  
  one or more second monitoring modules communicatively linked to the one or more back end components, and operatively configured to monitor the one or more back end components while the one or more back end components supply required information to the one or more front end components;
  
  wherein the one or more first monitoring modules is further operatively configured to communicate data of a testing type with the one or more front end components via a communication protocol and monitors activities of the one or more front end components via a protocol other than the communication protocol while communicating the data with the one or more front end components, while the one or more second monitoring modules monitor activities of the one or more back end components responsive to communicating the data;
  
  wherein information extracted that is associated with the activities of the one or more front end components is combinable with information extracted that is associated with the activities of the one or more back end components to contribute to identification of one or more security vulnerabilities within the computing platform;
  
  wherein at least one of the one or more first monitoring modules and the one or more second monitoring modules further operatively configured to combine and store all of the information extracted that is associated with the activities of the one or more front end components and all of the information extracted that is associated with the activities of the one or more back end components in an activity log; and
  
  at least one of the one or more first monitoring modules and the one or more second monitoring modules further operatively configured to change the testing type to suit the activities of at least one of the one or more front end components and the activities of the one or more back end components based on the combined information stored in the activity log.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system as claimed in claim 1, wherein the testing type is selected from a group consisting of malicious injection and valid/invalid input data.
  - 3. The system as claimed in claim 1, wherein the one or more back end components is operatively configured to supply additional services to one or more additional back end components in a multi-tier application.
  - 4. The system as claimed in claim 1, wherein the one or more first monitoring modules comprise a scanner for communicating data with the one or more front end components.
  - 5. The system of claim 1, wherein the one or more first monitoring modules operatively configured to receive pushed output data from the one or more front end components while monitoring the one or more front end components.
  - 6. The system of claim 1, wherein the one or more first monitoring modules is operatively configured to send data requests to and is operatively configured to receive responses from the one or more front end components while monitoring the one or more front end components.
  - 7. The system as claimed in claim 1, wherein the one or more first monitoring modules and the one or more second monitoring modules are implemented via distinct computing platforms.
  - 8. The system as claimed in claim 1, wherein the one or more first monitoring modules and the one or more second monitoring modules are implemented via a common computing platform.
  - 9. The system as claimed in claim 1, wherein the one or more second monitoring modules is operatively configured to interface with the one or more back end components via one or more application-specific protocols.
  - 10. The system as claimed in claim 9, wherein the one or more application-specific protocols comprises at least one of an Open Database Connectivity (ODBC) protocol, a .NET protocol, and a Java Database Connectivity (JDBC) Application Programming Interface (API) protocol.
  - 11. The system as claimed in claim 1, wherein the communication protocol comprises a Hypertext Transfer Protocol (HTTP) for communicating the data with the one or more front end components, and wherein the protocol other than the communication protocol comprises at least one of a File System Access protocol and a Network File System (NFS) protocol to monitor the one or more front end components.

12. A method of detecting security vulnerabilities in a computing platform, the computing platform comprising one or more front end components which provide services to other applications or users, and one or more back end components which supply required information to the one or more front end components to fulfill the services, the method comprising:
- connecting to the one or more front end components via one or more front end communication protocol connections;
  
  connecting to the one or more back end components using one or more application-specific protocol connections for communicating with an application;
  
  communicating data of a testing type with the one or more front end components via the one or more communication protocol connections;
  
  monitoring activities of the one or more front end components via one or more protocol connections other than the one or more communication protocol connections while communicating the data with the one or more front end components;
  
  monitoring activities of the one or more back end components responsive to communicating the data;
  
  extracting activity information from the one or more front end components and from the one or more back end components, wherein information extracted that is associated with the activities of the one or more front end components is combinable with information extracted that is associated with the activities of the one or more back end components to contribute to identification of one or more security vulnerabilities within the computing platform;
  
  combining and storing all of the information extracted that is associated with the activities of the one or more front end components and all of the information extracted that is associated with the activities of the one or more back end components in an activity log; and
  
  changing the testing type to suit the activities of at least one of the one or more front end components and the activities of the one or more back end components based on the combined information stored in the activity log.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method of claim 12, wherein communicating the data with the one or more front end components comprises receiving pushed output data from the one or more front end components.
  - 14. The method of claim 12, wherein communicating the data with the one or more front end components comprises sending one or more data requests to and receiving one or more responses from the one or more front end components.
  - 15. The method of claim 12, wherein communicating the data with the one or more front end components is implemented by one or more scanners communicatively linked to the one or more front end components.
  - 16. The method of claim 12, wherein the one or more communication protocol connections is implemented via at least one Hypertext Transfer Protocol (HTTP) connection and wherein the protocol other than the one or more communication protocol connections is implemented via one or more separate protocol connections.
  - 17. The method of claim 16, wherein the one or more separate protocol connections comprises at least one of a File System Access connection and a Network File System (NFS) connection.
  - 18. The method of claim 12, wherein the one or more protocol connections other than the one or more communication protocol connections comprises at least one of an Open Database Connectivity (ODBC) connection, a .NET connection, and a Java Database Connectivity (JDBC) Application Programming Interface (API) connection.

19. A non-transitory computer readable medium having recorded thereon statements and instructions for execution by a computer for detecting security vulnerabilities in a computing platform, the computing platform comprising one or more front end components which provide services to other applications or users, and one or more back end components which supply required information to the one or more front end components to fulfill the services, by carrying out operations comprising:
- connecting to the one or more front end components;
  
  connecting to the one or more back end components;
  
  communicating data of a testing type with the one or more front end components via a communication protocol;
  
  monitoring activities of the one or more front end components via a protocol other than the communication protocol while communicating the data with the one or more front end components;
  
  monitoring activities of the one or more back end components responsive to communicating the data;
  
  extracting activity information from the one or more front end components and from the one or more back end components, wherein information extracted that is associated with the activities of the one or more front end components is combinable with information extracted that is associated with the activities of the one or more back end components to contribute to identification of one or more security vulnerabilities within the computing platform;
  
  combining and storing all of the information extracted that is associated with the activities of the one or more front end components and all of the information extracted that is associated with the activities of the one or more back end components in an activity log; and
  
  changing the testing type to suit the activities of at least one of the one or more front end components and the activities of the one or more back end components based on the combined information stored in the activity log.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The non-transitory computer-readable medium of claim 19, wherein communicating the data with the one or more front end components is implemented by one or more scanners communicatively linked to the one or more front end components.
  - 21. The non-transitory computer-readable medium of claim 19, wherein the communication protocol is implemented via a Hypertext Transfer Protocol (HTTP) connection and wherein the protocol other than the communication protocol is implemented via a separate protocol connection.
  - 22. The non-transitory computer-readable medium of claim 19, wherein the protocol other than the communication protocol is implemented via at least one of a File System Access protocol connection and a Network File System (NFS) protocol connection.
  - 23. The non-transitory computer-readable medium of claim 19, wherein the protocol other than the communication protocol is implemented via at least one of an Open Database Connectivity (ODBC) connection, a .NET connection, and a Java Database Connectivity (JDBC) Application Programming Interface (API) connection.
  - 24. The non-transitory computer-readable medium of claim 19, wherein communicating the data with the one or more front end components comprises receiving pushed output data from the one or more front end components.
  - 25. The non-transitory computer-readable medium of claim 19, wherein communicating the data with the one or more front end components comprises sending one or more data requests to and receiving one or more responses from the one or more front end components.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Podjarny, Guy, Segal, Ory
Primary Examiner(s)
Patel, Ashok
Assistant Examiner(s)
POTRATZ, DANIEL B

Application Number

US12/028,187
Publication Number

US 20090205047A1
Time in Patent Office

2,195 Days
Field of Search

726/22, 726/25, 709/224
US Class Current

726/25
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

H04L 63/1433   Vulnerability analysis

Method and apparatus for security assessment of a computing platform

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for security assessment of a computing platform

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links