System, Method and Apparatus for Quantifying Attack Likelihood in Dynamic Security Testing
Publication Date: 2014-Jul-30
The IP.com Prior Art Database
Current dynamic analysis tools do not model, as part of the security assessment they produce, the likelihood of exploiting a given problem. This leaves the developer to either organize the remediation process in some ad-hoc way, e.g. based on the types of reported vulnerabilities, or review the entire scenario reported by the tool and spend expensive time determining exploitability manually. We have identified several criteria that can be checked automatically and that together provide an accurate indication of the degree to which a vulnerability is exploitable.