Title of invention: Application security testing system
Abstract: Embodiments of the invention are directed to an apparatus, method, and computer program product for an exposure based application security testing system. In some embodiments, the apparatus is configured to: access an application, wherein the application comprises an assessment parameter, wherein the assessment parameter comprises one or more assessment sub-parameters, wherein the one or more assessment sub-parameters comprise one or more assessment indicators; process the application, wherein processing the application comprises calculating a total exposure score for the application based on at least an application exposure score and a protective control score; determine whether the application qualifies for security testing based on at least the calculated total exposure score; and initiating the presentation of the qualified application to the user to implement security testing.
Publication number: US9392012(B2) Publication date: 2016.07.12
Application number: US201314070067 Filing date: 2013.11.01
Applicant: BANK OF AMERICA CORPORATION Inventors: Becker Matthew S.; Rasmussen Gideon Thomas
Classification: G06F11/00;G06F12/14;G06F12/16;G08B23/00;H04L29/06 Main classification: G06F11/00
Agency: Moore and Van Allen PLLC Agents: Springs Michael A.; Moore and Van Allen PLLC; Ransom W. Kevin
Principal claim: 1. An apparatus for an exposure based application security testing system, the apparatus comprising: a memory; a processor; and a module stored in memory and comprising instruction code that is executable by the processor, and configured to cause the processor to: access an application, wherein the application comprises an assessment parameter, wherein the assessment parameter comprises one or more assessment sub-parameters, wherein the one or more assessment sub-parameters comprise one or more assessment indicators; receive an input from a user, wherein the input from the user associates the one or more assessment indicators with the assessment parameter, wherein the assessment parameter is selected by the user based on at least an association of the application with one or more other applications; map the input received from the user to a predetermined exposure score resulting in a mapped score; calculate an application exposure score based on at least the mapped score thereby creating an exposure profile for the application, wherein calculating the application exposure score comprises summing the mapped score of the assessment parameter based on at least a normalization of the mapped score with the one or more sub-parameters associated with the assessment parameter; process the application, wherein processing the application comprises calculating a total exposure score for the application based on at least the application exposure score and a protective control score, wherein calculating the protective control score is based on at least an existence of a protective security firewall to limit unauthorized use and access to the application, wherein the total exposure score is a summation of the application exposure score and the protective control score; determine whether the application qualifies for security testing based on at least the calculated total exposure score; compare the total exposure score to a predetermined threshold score; determine whether the total exposure score is greater than the predetermined threshold score; and initiate a presentation of the application to the user to implement security testing based on at least determining whether the total exposure score is greater than the predetermined threshold score.
Address: Charlotte NC US