System, Method and Apparatus for Constraining Deployment Options for a Software System to Remove Deployment-specific Security Threats
Publication Date: 2013-May-29
The IP.com Prior Art Database
Many of the security vulnerabilities detected by analysis tool are deployment specific. For example, a vulnerability may arise only given a specific type and version of backend databse or a particular web framework. For deployment-specific findings, current analysis tools simply report a vulnerability to the user. We propose to go a step further and allow more effective treatment of such findings by transforming the target application, such that only in the event that it is installed/deployed/executed such that the deployment-specific findings become relevant, will the host system make use of these findings.