专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20180025154A1 Method of Correlating Static and Dynamic Application Security Testing Results for a Web and Mobile Application 审中-公开
公开(公告)号：US20180025154A1
公开(公告)日：2018-01-25
申请号：US15687186
申请日：2017-08-25
申请人： Denim Group, Ltd.
发明人： Dan Cornell , Mac Collins
IPC分类号： G06F21/55 , G06F21/56 , G06F21/57
CPC分类号： G06F21/552 , G06F21/563 , G06F21/566 , G06F21/577 , G06F2221/033 , H04L63/1425 , H04W12/12
摘要： The invention provides a method of correlating and merging static application security testing (SAST) and dynamic application security testing (DAST) for web and mobile applications. The invention provides a method for categorizing and comparing various endpoint objects including the path (i.e., location within the application's attack surface), one or more parameters, an HTTPMethod, a filename on the file system, line number, and mobile entry point.

2. 发明授权

US10116681B2 Method of detecting shared vulnerable code 有权
公开(公告)号：US10116681B2
公开(公告)日：2018-10-30
申请号：US15387012
申请日：2016-12-21
申请人： Denim Group, Ltd.
发明人： Dan Cornell , Sinh Nhat Tran
IPC分类号： H04L29/06 , G06Q10/06
摘要： A method of detecting shared vulnerable code across a plurality of applications to efficiently facilitate remediation of such shared vulnerabilities by the appropriate development teams. The method includes the steps of creating a consolidated vulnerability database populated with vulnerability testing results of a plurality of applications; comparing each vulnerability testing result within the consolidated vulnerability database to match vulnerability locations and the number of data/control flow elements; assigning a confidence to each vulnerability within the consolidated vulnerability database based on vulnerability location matches and data/control flow element matches; assigning a severity to each vulnerability within the consolidated vulnerability database; assigning a criticality to each of the plurality of applications; and creating a database of risk-ranked, confidence-scored vulnerabilities based on the confidence assigned to each vulnerability, the severity of each vulnerability, and the criticality of each application.

3. 发明授权

US10043004B2 Method of correlating static and dynamic application security testing results for a web and mobile application 有权
公开(公告)号：US10043004B2
公开(公告)日：2018-08-07
申请号：US15687186
申请日：2017-08-25
申请人： Denim Group, Ltd.
发明人： Dan Cornell , Mac Collins
IPC分类号： G06F21/56 , G06F21/55 , G06F21/57
摘要： The invention provides a method of correlating and merging static application security testing (SAST) and dynamic application security testing (DAST) for web and mobile applications. The invention provides a method for categorizing and comparing various endpoint objects including the path (i.e., location within the application's attack surface), one or more parameters, an HTTPMethod, a filename on the file system, line number, and mobile entry point.

4. 发明申请

US20160246965A1 Method of Correlating Static and Dynamic Application Security Testing Results for a Web Application 审中-公开
标题翻译：关联Web应用程序的静态和动态应用程序安全测试结果的方法
公开(公告)号：US20160246965A1
公开(公告)日：2016-08-25
申请号：US15011817
申请日：2016-02-01
申请人： Denim Group, Ltd.
发明人： Dan Cornell , Mac Collins
IPC分类号： G06F21/57
CPC分类号： G06F21/577 , G06F2221/033
摘要： A method of correlating a static application security testing (SAST) finding and a dynamic application security testing (DAST) finding for an application having a file system with code files containing at least one artifact, which application has an application framework that may be classified as having either a direct framework or an indirect framework.
摘要翻译：一种将静态应用程序安全测试（SAST）查找与动态应用程序安全性测试（DAST）查找相关联的方法，该应用程序具有包含至少一个工件的代码文件的文件系统，该应用程序具有应用框架，该应用程序框架可分为具有直接框架或间接框架。

5. 发明授权

US10043012B2 Method of correlating static and dynamic application security testing results for a web application 有权
公开(公告)号：US10043012B2
公开(公告)日：2018-08-07
申请号：US15011817
申请日：2016-02-01
申请人： Denim Group, Ltd.
发明人： Dan Cornell , Mac Collins
IPC分类号： G06F21/57
摘要： A method of correlating a static application security testing (SAST) finding and a dynamic application security testing (DAST) finding for an application having a file system with code files containing at least one artifact, which application has an application framework that may be classified as having either a direct framework or an indirect framework.

6. 发明申请

US20180176245A1 Method of Detecting Shared Vulnerable Code 审中-公开
公开(公告)号：US20180176245A1
公开(公告)日：2018-06-21
申请号：US15387012
申请日：2016-12-21
申请人： Denim Group, Ltd.
发明人： Dan Cornell , Sinh Nhat Tran
IPC分类号： H04L29/06 , G06Q10/06
CPC分类号： H04L63/1433 , G06Q10/06 , H04L63/1425
摘要： A method of detecting shared vulnerable code to efficiently facilitate remediation of such vulnerabilities by the appropriate development teams. The method includes the steps of creating a consolidated vulnerability database populated with vulnerability testing results of a plurality of applications; comparing at least one of the filename, the line number, and the line text associated with each vulnerability within the consolidated vulnerability database to the filename, line number, and line text associated with every other vulnerability within the consolidated vulnerability database and recording any filename, line number, and line text matches as vulnerability location matches; comparing the number of data/control flow elements of each of the plurality of applications to the number of data/control flow elements of every other of the plurality of applications and recording any matches as data/control flow element matches; assigning a confidence to each vulnerability within the consolidated vulnerability database based on vulnerability location matches and data/control flow element matches; assigning a severity to each vulnerability within the consolidated vulnerability database; assigning a criticality to each of the plurality of applications; and creating a database of risk-ranked, confidence-scored vulnerabilities based on the confidence assigned to each vulnerability, the severity of each vulnerability, and the criticality of each application.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式