Abstract: Embodiments of the present disclosure disclose a method and a device for evaluating security assessment of an application. The method comprises receiving application entry data associated with a plurality of entry points of the application. Also, the method comprises identifying at least one security threat entry point based on the application entry data. Further, the method comprises computing a coverage index value based on the application entry data and the at least one security threat entry point and generating a recommendation report indicating security coverage of the application based on the coverage index value.
FIGURE 3
CLAIMS: We claim:
1. A method for evaluating security assessment of an application, comprising:
receiving, by a security assessment computing device, application entry data associated with a plurality of entry points of the application;
identifying, by the security assessment computing device, at least one security threat entry point based on the application entry data;
computing, by the security assessment computing device, a coverage index value based on the application entry data and the at least one security threat entry point; and
generating, by the security assessment computing device, a recommendation report indicating security coverage of the application based on the coverage index value.
2. The method as claimed in claim 1, wherein the application entry data comprises at least one of data associated with one or more technologies used for building the application, architecture data of the application, and data pertaining to interface of the application received, through a graphical user interface of the security assessment computing device, from a user of the application.
3. The method as claimed in claim 1, wherein receiving the application entry data further comprises receiving results of at least one of a static application security testing (SAST), a dynamic application security testing (DAST), a functionality test cases testing, and a web services testing.
4. The method as claimed in claim 1, wherein the plurality of entry points is at least one of a build web interface, a database and one or more web services.
5. The method as claimed in claim 1, wherein identifying the at least one security threat entry point comprises:
analyzing the application entry data based on results of at least one of a static application security testing (SAST), a dynamic application security testing (DAST), a functionality test cases testing, and a web services testing to obtain security information; and
identifying the at least one security threat entry point based on the security information, wherein entry points, from amongst the plurality of entry points, which are to be tested are the security threat entry points.
6. The method as claimed in claim 1, wherein the coverage index value is computed by performing arithmetic division of a number of the at least one security threat points by a number of the entry points.
7. The method as claimed in claim 1, wherein the recommendation report comprises application entry data associated with a plurality of entry points of the application, the coverage index value, and one or more security threat entry points to be secured.
8. A security assessment computing device for evaluating security assessment of an application, comprising:
a processor; and
a memory communicatively coupled to the processor, wherein the memory stores processor-executable instructions, which, on execution, cause the processor to:
receive application entry data associated with a plurality of entry points of the application;
identify at least one security threat entry point based on the application entry data;
compute a coverage index value based on the application entry data and the at least one security threat entry point; and
generate a recommendation report indicating security coverage of the application based on the coverage index value.
9. The device as claimed in claim 8, wherein the application entry data comprises at least one of data associated with one or more technologies used for building the application, architecture data of the application, and data pertaining to interface of the application received, through a graphical user interface of the security assessment computing device, from a user of the application.
10. The device as claimed in claim 8, wherein the processor is further configured to receive, as part of the application entry data, results of at least one of a static application security testing (SAST), a dynamic application security testing (DAST) and a web services testing.
11. The device as claimed in claim 8, wherein the plurality of entry points is at least one of a build web interface, a database and one or more web services.
12. The device as claimed in claim 8, wherein the processor is further configured to identify the at least one security threat entry point by:
analyzing the application entry data based on results of at least one of a static application security testing (SAST), a dynamic application security testing (DAST), a functionality test cases testing, and a web services testing to obtain security information; and
identifying the at least one security threat entry point based on the security information, wherein entry points, from amongst the plurality of entry points, which are to be tested are the security threat entry points.
13. The device as claimed in claim 8, wherein the processor is configured to compute the coverage index value by performing arithmetic division of the at least one security threat points by a number of the entry points.
14. The device as claimed in claim 8, wherein the recommendation report comprises application entry data associated with a plurality of entry points of the application, the coverage index value, and one or more security threat entry points to be secured.
15. The device as claimed in claim 8, wherein the processor is further configured to generate a security assessment report based on at least one of the data associated with entry points of the application, the coverage index value and the recommendation.
16. A non-transitory computer readable medium including instructions stored thereon that when processed by at least one processor cause a system to perform operations comprising:
receive application entry data associated with a plurality of entry points of the application;
identify at least one security threat entry point based on the application entry data;
compute a coverage index value based on the application entry data and the at least one security threat entry point; and
generate a recommendation report indicating security coverage of the application based on the coverage index value.
Dated this 18th day of June, 2015
SRAVAN KUMAR GAMPA
OF K & S PARTNERS
AGENT FOR THE APPLICANT
TECHNICAL FIELD
The present subject matter is related, in general, to security assessment of an application and, more particularly but not exclusively, to systems and methods for evaluating security assessment of an application.

| # | Name | Date |
|---|---|---|
| 1 | 3057-CHE-2015 FORM-9 18-06-2015.pdf | 2015-06-18 |
| 1 | 3057-CHE-2015-PROOF OF ALTERATION [07-12-2022(online)].pdf | 2022-12-07 |
| 2 | 3057-CHE-2015 FORM-18 18-06-2015.pdf | 2015-06-18 |
| 2 | 3057-CHE-2015-IntimationOfGrant29-09-2022.pdf | 2022-09-29 |
| 3 | IP31076-spec.pdf | 2015-06-24 |
| 3 | 3057-CHE-2015-PatentCertificate29-09-2022.pdf | 2022-09-29 |
| 4 | IP31076-fig.pdf | 2015-06-24 |
| 4 | 3057-CHE-2015-Response to office action [28-09-2022(online)].pdf | 2022-09-28 |
| 5 | FORM 5-IP31076.pdf | 2015-06-24 |
| 5 | 3057-CHE-2015-FORM 3 [27-09-2022(online)].pdf | 2022-09-27 |
| 6 | FORM 3-IP31076.pdf | 2015-06-24 |
| 6 | 3057-CHE-2015-PETITION UNDER RULE 137 [27-09-2022(online)].pdf | 2022-09-27 |
| 7 | 3057CHE2015_Prioritydocumentrequest.pdf | 2015-06-24 |
| 7 | 3057-CHE-2015-RELEVANT DOCUMENTS [27-09-2022(online)].pdf | 2022-09-27 |
| 8 | abstract 3057-CHE-2015.jpg | 2015-06-26 |
| 8 | 3057-CHE-2015-ABSTRACT [20-01-2020(online)].pdf | 2020-01-20 |
| 9 | 3057-CHE-2015-CLAIMS [20-01-2020(online)].pdf | 2020-01-20 |
| 9 | REQUEST FOR CERTIFIED COPY [19-12-2015(online)].pdf | 2015-12-19 |
| 10 | 3057-CHE-2015-CORRESPONDENCE [20-01-2020(online)].pdf | 2020-01-20 |
| 10 | 3057-CHE-2015-Power of Attorney-261115.pdf | 2016-05-30 |
| 11 | 3057-CHE-2015-FER_SER_REPLY [20-01-2020(online)].pdf | 2020-01-20 |
| 11 | 3057-CHE-2015-Form 1-261115.pdf | 2016-05-30 |
| 12 | 3057-CHE-2015-Correspondence-F1-GPA-261115.pdf | 2016-05-30 |
| 12 | 3057-CHE-2015-FORM 3 [20-01-2020(online)].pdf | 2020-01-20 |
| 13 | 3057-CHE-2015-FER.pdf | 2019-07-18 |
| 13 | 3057-CHE-2015-OTHERS [20-01-2020(online)].pdf | 2020-01-20 |
| 14 | 3057-CHE-2015-PETITION UNDER RULE 137 [20-01-2020(online)].pdf | 2020-01-20 |
| 1 | 2019-07-1814-00-41_18-07-2019.pdf | |