Performing security analysis on a software application

US 8,701,198 B2
Filed: 08/10/2010
Issued: 04/15/2014
Est. Priority Date: 08/10/2010
Status: Active Grant

First Claim

Patent Images

1. A method for performing security analysis on a software application, the method comprising:

receiving application architecture information for a software application;

determining components of the software application;

determining a software application type to be at least one of a composite software application type and a native software application type based on the application architecture information;

generating a tool-specific package for each of the components based on the software application type;

performing, by a computer processor, one or more security tests on each of the components of the software application based on the tool-specific packages;

approving the software application to be available in an online marketplace if the software application passes the one or more security tests; and

providing results to a user if the software application fails the one or more security tests.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for performing security analysis on a software application. In one embodiment, a method includes receiving application architecture information for a software application; and determining an application type based on the application architecture information. The method also includes performing one or more security tests on the software application based on the application type and the application architecture information; and approving the software application to be available in an online marketplace if the software application passes the one or more security tests.

Citations

17 Claims

1. A method for performing security analysis on a software application, the method comprising:
- receiving application architecture information for a software application;
  
  determining components of the software application;
  
  determining a software application type to be at least one of a composite software application type and a native software application type based on the application architecture information;
  
  generating a tool-specific package for each of the components based on the software application type;
  
  performing, by a computer processor, one or more security tests on each of the components of the software application based on the tool-specific packages;
  
  approving the software application to be available in an online marketplace if the software application passes the one or more security tests; and
  
  providing results to a user if the software application fails the one or more security tests.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising generating a risk score based on the application architecture information.
  - 3. The method of claim 1, further comprising generating a risk score if the software application type is a composite application, wherein the risk score is based on the application architecture information.
  - 4. The method of claim 1, further comprising providing results to a user if the software application fails the one or more security tests.
  - 5. The method of claim 1, further comprising providing results to a user if the software application fails the one or more security tests, wherein the software application fails the one or more security tests if the one or more security tests identifies one or more security vulnerabilities.
  - 6. The method of claim 1,wherein the software application fails the one or more security tests if the one or more security tests identifies one or more security vulnerabilities;
    - andfurther comprising requiring the user to address the security vulnerability issues within a predefined time period.

7. A non-transitory computer-readable storage medium having one or more instructions thereon for performing security analysis on a software application, the instructions when executed by a processor causing the processor to:
- receive application architecture information for a software application;
  
  determine components of the software application;
  
  determine a software application type to be at least one of a composite software application type and a native software application type based on the application architecture information;
  
  generate a tool-specific package for each of the components based on the software application type;
  
  perform one or more security tests on each of the components of the software application based on the tool-specific packages;
  
  approve the software application to be available in an online marketplace if the software application passes the one or more security tests; and
  
  provide results to a user if the software application fails the one or more security tests.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer-readable storage medium of claim 7, wherein the instructions further cause the processor to generate a risk score based on the application architecture information.
  - 9. The computer-readable storage medium of claim 7, wherein the instructions further cause the processor to generate a risk score if the software application type is a composite application, and wherein the risk score is based on the application architecture information.
  - 10. The computer-readable storage medium of claim 7, wherein the instructions further cause the processor to provide results to a user if the software application fails the one or more security tests.
  - 11. The computer-readable storage medium of claim 7, wherein the instructions further cause the processor to provide results to a user if the software application fails the one or more security tests, and wherein the software application fails the one or more security tests if the one or more security tests identifies one or more security vulnerabilities.
  - 12. The computer-readable storage medium of claim 7,wherein the software application fails the one or more security tests if the one or more security tests identifies one or more security vulnerabilities;
    - andwherein the instructions further cause the processor to;
      
      require the user to address the security vulnerability issues within a predefined time period.

13. An apparatus for performing security analysis on a software application, the apparatus comprising:
- a processor; and
  
  a storage device storing one or more stored sequences of instructions which when executed by the processor cause the processor to;
  
  receive application architecture information for a software application;
  
  determine components of the software application;
  
  determine a software application type to be at least one of a composite software application type and a native software application type based on the application architecture information;
  
  generate a tool-specific package for each of the components based on the software application type;
  
  perform one or more security tests on each of the components of the software application based on the tool-specific packages;
  
  approve the software application to be available in an online marketplace if the software application passes the one or more security tests; and
  
  provide results to a user if the software application fails the one or more security tests.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The apparatus of claim 13, wherein the instructions further cause the processor to generate a risk score based on the application architecture information.
  - 15. The apparatus of claim 13, wherein the instructions further cause the processor to generate a risk score if the software application type is a composite application, and wherein the risk score is based on the application architecture information.
  - 16. The apparatus of claim 13, wherein the instructions further cause the processor to provide results to a user if the software application fails the one or more security tests.
  - 17. The apparatus of claim 13, wherein the instructions further cause the processor to provide results to a user if the software application fails the one or more security tests, and wherein the software application fails the one or more security tests if the one or more security tests identifies one or more security vulnerabilities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Greene, Collin, Fly, Robert, Badhwar, Varun
Primary Examiner(s)
Vaughan, Michael R

Application Number

US12/854,106
Publication Number

US 20120042384A1
Time in Patent Office

1,344 Days
Field of Search

None
US Class Current

726/25
CPC Class Codes

G06F 21/128 involving web programs, i.e...

G06F 2221/033 Test or assess software

Performing security analysis on a software application

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Performing security analysis on a software application

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links