Performing security analysis on a software application
Abstract
A system and method for performing security analysis on a software application. In one embodiment, a method includes receiving application architecture information for a software application; and determining an application type based on the application architecture information. The method also includes performing one or more security tests on the software application based on the application type and the application architecture information; and approving the software application to be available in an online marketplace if the software application passes the one or more security tests.
17 Claims
1. A method for performing security analysis on a software application, the method comprising:
- receiving application architecture information for a software application;
- determining components of the software application;
- determining a software application type to be at least one of a composite software application type and a native software application type based on the application architecture information;
- generating a tool-specific package for each of the components based on the software application type;
- performing, by a computer processor, one or more security tests on each of the components of the software application based on the tool-specific packages;
- approving the software application to be available in an online marketplace if the software application passes the one or more security tests; and
- providing results to a user if the software application fails the one or more security tests.

7. A non-transitory computer-readable storage medium having one or more instructions thereon for performing security analysis on a software application, the instructions when executed by a processor causing the processor to:
- receive application architecture information for a software application;
- determine components of the software application;
- determine a software application type to be at least one of a composite software application type and a native software application type based on the application architecture information;
- generate a tool-specific package for each of the components based on the software application type;
- perform one or more security tests on each of the components of the software application based on the tool-specific packages;
- approve the software application to be available in an online marketplace if the software application passes the one or more security tests; and
- provide results to a user if the software application fails the one or more security tests.

13. An apparatus for performing security analysis on a software application, the apparatus comprising:
- a processor; and
- a storage device storing one or more stored sequences of instructions which when executed by the processor cause the processor to:
  - receive application architecture information for a software application;
  - determine components of the software application;
  - determine a software application type to be at least one of a composite software application type and a native software application type based on the application architecture information;
  - generate a tool-specific package for each of the components based on the software application type;
  - perform one or more security tests on each of the components of the software application based on the tool-specific packages;
  - approve the software application to be available in an online marketplace if the software application passes the one or more security tests; and
  - provide results to a user if the software application fails the one or more security tests.

Specification