
Social Based Resource/Collaboration System With Optional Anonymization of Users for Application Security Scanners Powered by a Security Intelligence Forum/Database

IP.com Disclosure Number: IPCOM000247363D
Publication Date: 2016-Aug-29
Document File: 2 page(s) / 425K

Publishing Venue

The IP.com Prior Art Database

Abstract

A system and method for social based resource collaboration with optional anonymization of users for application security scanners powered by a security intelligence forum or database is disclosed.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 61% of the total text.


Disclosed is a system and method for social based resource collaboration with optional anonymization of users for application security scanners powered by a security intelligence forum or database. In application source code vulnerability scanning, users are usually presented with an issue along with remediation (how-to-fix) information for the vulnerability. However, such material is very static and is not presented in the context of the actual problem.

For example, in some embodiments, the user is provided with a Common Vulnerabilities and Exposures (CVE) number, a static definition (text), and/or a link. A lot of customers face similar problems.

Many attacks on the web involve the following areas:

Cross Site Request Forgery,
SQL Injections, and
Cross Site Scripting

The disclosed system and method create a secure channel for security analysts and developers to collaborate anonymously on similar problems against the source code analysis tool itself. See Figure 1 for a visual representation of the disclosed system and method.

Figure 1 includes the following:

1. Various companies scan their applications using the disclosed technology.

2. When the application scanning is complete, and the security analyst and/or developer decides to investigate specific issues, the user is not only presented with the static inform...