Automatic Detection of an Incomplete Application Security Assessment Based on Successful Network Security Incidents

IP.com Disclosure Number: IPCOM000247289D
Publication Date: 2016-Aug-19
Document File: 2 page(s) / 40K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method to integrate existing security platforms and tools to provide an efficient and reliable method for determining whether a security assessment is good. The novel solution is to use the information in a security information and event management (SIEM) system or common weakness repositories and send feedback to the team that performed the application security assessment.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Application security analysis is a common practice that allows organizations to determine whether applications contain security flaws. It can be performed with technologies such as dynamic analysis, static analysis, or a penetration-testing engagement. Performing a good application security analysis requires practice and experience. The results returned by an application security analysis task can be incomplete for various reasons: parts of the application were mistakenly left unscanned, poor scanning configuration produced poor results, or the security rules used were incomplete.

Current methods for judging whether an assessment is good include the manual process of going over the data that was scanned and checking whether all functionality of the application was considered and tested, and trusting an authority that states the assessment was properly performed.

A faster and more reliable method is needed to help analysts determine whether a security assessment is good. A good application security analysis catches all vulnerabilities that exist in the application. Failure to catch everything implicitly leads to the conclusion that a poor assessment was conducted.

On the other side of the spectrum, security information and event management (SIEM) systems know when a security breach occurs (e.g., a SIEM receives confirmation from a data security platform that a database security incident has occurred). In addition, common weakness repositories contain known vulnerabilities.

The novel solution uses the information in a SIEM or common weakness repositories, sends feedback to the team that performed the application security assessment, and automatically marks that assessmen...
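The correlation step the disclosure describes, written as an added example that is not part of the disclosure: confirmed SIEM incidents are matched against the weaknesses an assessment reported, and any confirmed incident the assessment did not cover marks that assessment incomplete (or the application as never assessed) and produces feedback for the assessment team. The record layouts, field names and sample data are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Constructed sample data: findings reported by the assessment team per application,
# and incidents as a SIEM would record them. Record layouts are assumptions.
@dataclass(frozen=True)
class Finding:
    app: str
    weakness: str          # e.g. the CWE identifier the scanner or tester reported

@dataclass(frozen=True)
class Incident:
    app: str
    weakness: str          # weakness the incident was attributed to
    confirmed: bool        # True only when the SIEM received confirmation of a breach

ASSESSMENT_FINDINGS = [
    Finding("billing-api", "CWE-89"),
    Finding("billing-api", "CWE-79"),
    Finding("portal-web", "CWE-79"),
]

SIEM_INCIDENTS = [
    Incident("billing-api", "CWE-89", confirmed=True),    # reported by the assessment
    Incident("portal-web", "CWE-89", confirmed=True),     # missed by the assessment
    Incident("portal-web", "CWE-352", confirmed=False),   # unconfirmed alert: ignored
    Incident("inventory-svc", "CWE-22", confirmed=True),  # app was never assessed
]

def missed_weaknesses(findings, incidents):
    """Return {app: sorted weaknesses} for confirmed incidents the assessment did not report.

    An assessment is incomplete when a confirmed incident exposes a weakness in an
    application that the assessment's findings did not contain."""
    reported = {(f.app, f.weakness) for f in findings}
    missed = {}
    for inc in incidents:
        if not inc.confirmed:
            continue
        if (inc.app, inc.weakness) not in reported:
            missed.setdefault(inc.app, set()).add(inc.weakness)
    return {app: sorted(w) for app, w in missed.items()}

def feedback_messages(findings, incidents):
    """Render the feedback that would be sent back to the assessment team."""
    assessed_apps = {f.app for f in findings}
    msgs = []
    for app, weaknesses in sorted(missed_weaknesses(findings, incidents).items()):
        status = "INCOMPLETE" if app in assessed_apps else "NOT ASSESSED"
        msgs.append(f"{app}: assessment {status}; confirmed incidents exposed {', '.join(weaknesses)}")
    return msgs
```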