Browse Prior Art Database

System, Method and Apparatus for Quantifying Attack Likelihood in Dynamic Security Testing

IP.com Disclosure Number: IPCOM000238064D
Publication Date: 2014-Jul-30

Publishing Venue

The IP.com Prior Art Database

Abstract

Current dynamic analysis tools do not model, as part of the security assessment they produce, the likelihood of exploiting a given problem. This leaves the developer to either organize the remediation process in some ad-hoc way, e.g. based on the types of reported vulnerabilities or manually review the entire scenario reported by the tool and spend expensive time on determining exploitability manually.. We have identified several criteria that can be checked automatically and together provide an accurate indication as to the degree to which a vulnerability is exploitable.