Adapting a security tool for performing security analysis on a software application
Abstract
A system and method for adapting a security tool for performing security analysis on a software application. In one embodiment, a method includes maintaining a registry of security tools; receiving code for a software application; and comparing component criteria for each security tool against each component of the software application, wherein the component criteria for each respective security tool indicate which components the respective security tool is designed to analyze for security vulnerabilities. The method also includes generating a tool-specific package for each component of the software application, wherein the tool-specific package comprises one or more security tools that are designed to analyze the respective component for security vulnerabilities.
14 Claims
1. A method for adapting a security tool for performing security analysis on a software application, the method comprising:
maintaining a registry of security tools comprising a plurality of registry entries, wherein each of the plurality of registry entries is associated with a particular security tool and with software component criteria;
receiving code for a software application;
comparing component criteria for each security tool against each component of the software application, wherein the component criteria for each respective security tool indicate which components of the software application the respective security tool is designed to analyze for security vulnerabilities;
receiving a questionnaire associated with the software application, wherein the questionnaire includes one or more queries regarding security-related tasks previously performed by the user and security vulnerabilities identified by the user;
generating a risk score based on the questionnaire;
generating a tool-specific package for each component of the software application based on the components of the software application, the questionnaire, and the risk score, wherein the tool-specific package comprises one or more security tools that are designed to analyze the respective component of the software application for security vulnerabilities;
processing the tool-specific package for each component of the software application to analyze the software application to identify one or more security vulnerabilities using the tool-specific package; and
notifying a user of the identified one or more security vulnerabilities.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A non-transitory computer-readable storage medium having one or more instructions thereon for adapting a security tool for performing security analysis on a software application, the instructions when executed by a processor causing the processor to:
maintain a registry of security tools comprising a plurality of registry entries, wherein each of the plurality of registry entries is associated with a particular security tool and with software component criteria;
receive code for a software application;
compare component criteria for each security tool against each component of the software application, wherein the component criteria for each respective security tool indicate which components of the software application the respective security tool is designed to analyze for security vulnerabilities;
receive a questionnaire associated with the software application, wherein the questionnaire includes one or more queries regarding security-related tasks previously performed by the user and security vulnerabilities identified by the user;
generate a risk score based on the questionnaire and accessed security history information;
generate a tool-specific package for each component of the software application based on the components of the software application, the questionnaire, and the risk score, wherein the tool-specific package comprises one or more security tools that are designed to analyze the respective component of the software application for security vulnerabilities;
process the tool-specific package for each component of the software application to analyze the software application to identify one or more security vulnerabilities using the tool-specific package; and
notify a user of the identified one or more security vulnerabilities.
Dependent claims: 9, 10, 11, 12, 13, 14.
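The claimed pipeline (registry with component criteria, component discovery from received code, questionnaire-derived risk score, a per-component tool package, execution, notification), as an added worked example in Python. This is not the patent's own implementation: the registry entries, component kinds, questionnaire weights, the deep-scan threshold and the sample application are all constructed here, and each "tool" is a one-line regex check standing in for a real SAST, SCA or IaC scanner.

```python
"""Illustration of the claimed method. Added example: tools, criteria, weights,
threshold and sample input are constructed; the analyzers are regex stand-ins."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class ToolEntry:
    """One registry entry: a tool plus the component criteria it is designed for."""
    name: str
    kinds: set        # component kinds the tool analyzes
    languages: set    # languages it understands; "*" means any
    cost: str         # "fast" always runs; "deep" only when the risk score is high
    run: Callable     # stand-in for invoking the real tool on one component


def _flag(pattern: str, message: str) -> Callable:
    """Build a stand-in analyzer that reports every line matching a regex."""
    rx = re.compile(pattern)
    return lambda comp: [f"{comp['path']}: {message}"
                         for line in comp["text"].splitlines() if rx.search(line)]


REGISTRY = [  # hypothetical tools; a real registry would point at actual scanners
    ToolEntry("py-eval-check", {"source"}, {"python"}, "fast",
              _flag(r"\beval\(", "eval() on request data")),
    ToolEntry("py-subprocess-shell", {"source"}, {"python"}, "deep",
              _flag(r"shell\s*=\s*True", "subprocess call with shell=True")),
    ToolEntry("unpinned-deps", {"dependency-manifest"}, {"*"}, "fast",
              _flag(r"^[A-Za-z0-9_.-]+\s*$", "unpinned dependency")),
    ToolEntry("docker-latest-tag", {"container"}, {"*"}, "fast",
              _flag(r"^FROM\s+\S+:latest", "base image uses :latest")),
    ToolEntry("tf-open-ingress", {"infrastructure"}, {"hcl"}, "deep",
              _flag(r'"0\.0\.0\.0/0"', "ingress open to 0.0.0.0/0")),
]
EXT_LANG = {".py": "python", ".js": "javascript"}


def discover_components(files: Dict[str, str]) -> List[dict]:
    """Split received code (path -> text) into typed components."""
    comps = []
    for path, text in files.items():
        name = path.rsplit("/", 1)[-1]
        if name == "Dockerfile":
            kind, lang = "container", "dockerfile"
        elif name in ("requirements.txt", "package.json"):
            kind, lang = "dependency-manifest", "text"
        elif name.endswith(".tf"):
            kind, lang = "infrastructure", "hcl"
        else:
            lang = EXT_LANG.get(name[name.rfind("."):] if "." in name else "")
            if lang is None:
                continue      # nothing in the registry understands this file
            kind = "source"
        comps.append({"path": path, "kind": kind, "language": lang, "text": text})
    return comps


def tool_matches(tool: ToolEntry, comp: dict) -> bool:
    """Compare one tool's component criteria against one component."""
    return comp["kind"] in tool.kinds and ("*" in tool.languages or comp["language"] in tool.languages)


# Constructed questionnaire weights: prior security work lowers the score,
# exposure and sensitive data raise it; known open findings add up to +10.
WEIGHTS = {"threat_model_done": -2, "pentest_last_year": -2,
           "handles_sensitive_data": 3, "internet_facing": 2}
DEEP_THRESHOLD = 4  # at or above this score, "deep" tools join the package


def risk_score(answers: dict) -> int:
    score = sum(w for q, w in WEIGHTS.items() if answers.get(q))
    score += 2 * min(answers.get("open_vulns_reported", 0), 5)
    return max(score, 0)


def build_packages(comps, registry, score):
    """Tool-specific package per component: matching tools, gated by risk score."""
    return {c["path"]: [t for t in registry if tool_matches(t, c)
                        and (t.cost == "fast" or score >= DEEP_THRESHOLD)] for c in comps}


def run_packages(comps, pkgs) -> Dict[str, List[str]]:
    findings: Dict[str, List[str]] = {}
    for comp in comps:
        for tool in pkgs[comp["path"]]:
            for f in tool.run(comp):
                findings.setdefault(tool.name, []).append(f)
    return findings


def analyze_application(files, answers, registry=REGISTRY):
    comps = discover_components(files)
    score = risk_score(answers)
    pkgs = build_packages(comps, registry, score)
    return score, pkgs, run_packages(comps, pkgs)


def notification(findings) -> str:
    """Text the user is notified with."""
    return "\n".join(f"[{t}] {f}" for t, fs in findings.items() for f in fs) or "no findings"


# Constructed sample application and questionnaire answers.
SAMPLE_APP = {
    "app/main.py": "import subprocess\nresult = eval(request.args['q'])\nsubprocess.run(cmd, shell=True)\n",
    "requirements.txt": "flask==2.3.2\nrequests\n",
    "Dockerfile": "FROM python:latest\nCOPY . /app\n",
    "infra/sg.tf": 'ingress { cidr_blocks = ["0.0.0.0/0"] }\n',
    "README.md": "docs only; no registered tool applies",
}
SAMPLE_ANSWERS = {"threat_model_done": True, "pentest_last_year": False,
                  "handles_sensitive_data": True, "internet_facing": True,
                  "open_vulns_reported": 2}

if __name__ == "__main__":
    s, _, f = analyze_application(SAMPLE_APP, SAMPLE_ANSWERS)
    print(f"risk score {s}\n{notification(f)}")
```

With the constructed answers the score is 7, so both the fast and the deep tools land in each component's package and all five checks fire; with answers that report a threat model and a recent pentest the score drops to 0 and the deep tools (the shell=True and open-ingress checks) are left out of the packages, which is the point of feeding the risk score into package generation rather than running every matching tool unconditionally.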
Specification