Method and device for evaluating security assessment of an application
First Claim
1. A method for evaluating security assessment of an application, comprising:
- receiving, by a security assessment computing device, application entry data associated with a plurality of entry points of the application;
- identifying, by the security assessment computing device, at least one security threat entry point based on the application entry data, by analyzing the application entry data based on results of a static application security testing (SAST), a dynamic application security testing (DAST), a functionality test cases testing, and a web services testing to obtain security information, wherein the application data entry comprises at least one of data of one or more technologies used for building the application, architecture data of the application, or data pertaining to interface of the application, and identifying the at least one security threat entry point based on the security information, wherein entry points, from amongst the plurality of entry points, which are to be tested are the security threat entry points, wherein the application entry data is received through a graphical user interface of the security assessment computing device from a user of the application;
- computing, by the security assessment computing device, a coverage index value based on the application entry data and the at least one security threat entry point, wherein the coverage index value is computed by performing arithmetic division of a number of the at least one security threat entry point by a total number of the entry points in the plurality of entry points of the application; and
- generating, by the security assessment computing device, a recommendation report indicating security coverage of the application based on the coverage index value.
1 Assignment
0 Petitions
Abstract
Embodiments of the present disclosure disclose a method and a device for evaluating security assessment of an application. The method comprises receiving application entry data associated with a plurality of entry points of the application. Also, the method comprises identifying at least one security threat entry point based on the application entry data. Further, the method comprises computing a coverage index value based on the application entry data and the at least one security threat entry point and generating a recommendation report indicating security coverage of the application based on the coverage index value.
31 Citations
16 Claims
1. A method for evaluating security assessment of an application, comprising:
- receiving, by a security assessment computing device, application entry data associated with a plurality of entry points of the application;
- identifying, by the security assessment computing device, at least one security threat entry point based on the application entry data, by analyzing the application entry data based on results of a static application security testing (SAST), a dynamic application security testing (DAST), a functionality test cases testing, and a web services testing to obtain security information, wherein the application data entry comprises at least one of data of one or more technologies used for building the application, architecture data of the application, or data pertaining to interface of the application, and identifying the at least one security threat entry point based on the security information, wherein entry points, from amongst the plurality of entry points, which are to be tested are the security threat entry points, wherein the application entry data is received through a graphical user interface of the security assessment computing device from a user of the application;
- computing, by the security assessment computing device, a coverage index value based on the application entry data and the at least one security threat entry point, wherein the coverage index value is computed by performing arithmetic division of a number of the at least one security threat entry point by a total number of the entry points in the plurality of entry points of the application; and
- generating, by the security assessment computing device, a recommendation report indicating security coverage of the application based on the coverage index value.
- View Dependent Claims (2, 3, 4, 5)

6. A security assessment computing device for evaluating security assessment of an application, comprising:
- a processor; and
- a memory communicatively coupled to the processor, wherein the memory stores processor-executable instructions, which, on execution, cause the processor to:
- receive application entry data associated with a plurality of entry points of the application;
- identify at least one security threat entry point based on the application entry data by: analyzing the application entry data based on results of a static application security testing (SAST), a dynamic application security testing (DAST), a functionality test cases testing, and a web services testing to obtain security information, wherein the application data entry comprises at least one of data of one or more technologies used for building the application, architecture data of the application, or data pertaining to interface of the application, and identifying the at least one security threat entry point based on the security information, wherein entry points, from amongst the plurality of entry points, which are to be tested are the security threat entry points, wherein the application entry data is received through a graphical user interface of the security assessment computing device from a user of the application;
- compute a coverage index value based on the identify of at least one security threat entry point based on the application entry data, wherein the coverage index value is computed by performing arithmetic division of a number of the at least one security threat entry point by a total number of the entry points in the plurality of entry points of the application; and
- generate a recommendation report indicating security coverage of the application based on the coverage index value.
- View Dependent Claims (7, 8, 9, 10, 11)

12. A non-transitory computer readable medium including instructions stored thereon that when processed by at least one processor cause a system to perform operations comprising:
- receiving application entry data associated with a plurality of entry points of the application;
- identifying at least one security threat entry point based on the application entry data, by analyzing the application entry data based on results of a static application security testing (SAST), a dynamic application security testing (DAST), a functionality test cases testing, and a web services testing to obtain security information, wherein the application data entry comprises at least one of data of one or more technologies used for building the application, architecture data of the application, or data pertaining to interface of the application, and identifying the at least one security threat entry point based on the security information, wherein entry points, from amongst the plurality of entry points, which are to be tested are the security threat entry points, wherein the application entry data is received through a graphical user interface of the security assessment computing device from a user of the application;
- computing a coverage index value based on the application entry data and the at least one security threat entry point, wherein the coverage index value is computed by performing arithmetic division of a number of the at least one security threat entry point by a total number of the entry points in the plurality of entry points of the application; and
- generating, by the security assessment computing device, a recommendation report indicating security coverage of the application based on the coverage index value.
- View Dependent Claims (13, 14, 15, 16)
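The procedure recited in independent claims 1, 6 and 12 (collect entry data, mark the entry points flagged by SAST, DAST, functional and web-services testing as security threat entry points, divide their count by the total number of entry points, report) as a small added Python model; this is illustrative code written for this page, not code from the patent or its assignee. It assumes that "security information" reduces to per-source finding lists and that an entry point with at least one finding is a threat entry point; the entry-point names and findings are constructed sample data.

```python
from dataclasses import dataclass, field

# The four result sources named in claim 1.
TEST_SOURCES = ("sast", "dast", "functional", "web_services")


@dataclass
class EntryPoint:
    name: str                 # route, API operation or UI form
    technology: str           # claim 1: technology / interface data
    findings: dict = field(default_factory=dict)  # source -> list of findings

    def is_threat(self) -> bool:
        # Assumption: any finding from any of the four sources flags the entry point.
        return any(self.findings.get(src) for src in TEST_SOURCES)


def identify_threat_entry_points(entries):
    """Claim 1, step 2: the entry points that still need to be tested."""
    return [e for e in entries if e.is_threat()]


def coverage_index(entries, threats):
    """Claim 1, step 3: |threat entry points| / |all entry points|."""
    if not entries:
        # Edge case the claim does not address: no entry data at all.
        raise ValueError("no entry points supplied; coverage index undefined")
    return len(threats) / len(entries)


def recommendation_report(entries):
    """Claim 1, step 4: report coverage and which entry points to test, and why."""
    threats = identify_threat_entry_points(entries)
    return {
        "total_entry_points": len(entries),
        "threat_entry_points": [t.name for t in threats],
        "coverage_index": coverage_index(entries, threats),
        "recommendation": [
            f"test {t.name} ({t.technology}): flagged by "
            + ", ".join(s for s in TEST_SOURCES if t.findings.get(s))
            for t in threats
        ],
    }


# Constructed sample application entry data (not from the patent).
SAMPLE_ENTRIES = [
    EntryPoint("/login", "web form", {"sast": ["unvalidated parameter"]}),
    EntryPoint("/account/export", "REST", {"dast": ["verbose error page"],
                                           "web_services": ["no schema validation"]}),
    EntryPoint("/health", "REST"),
    EntryPoint("/static/logo.png", "static file"),
    EntryPoint("/orders", "SOAP", {"functional": []}),  # empty list: no finding
]
```

Running `recommendation_report(SAMPLE_ENTRIES)` flags 2 of the 5 sample entry points, giving a coverage index of 0.4 and a recommendation line per flagged entry point naming the test sources that flagged it.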
Specification