Independent claim

1. A method for fixing application vulnerabilities, comprising:

identifying, by a computing device, one or more application vulnerabilities through a first dynamic security assessment and a static security assessment of an application;

fixing, by the computing device, at least one of a first set of vulnerability instances reported in the static security assessment based on a secure coding practice;

running, by the computing device, a plurality of other dynamic security assessments to identify one or more of a second set of vulnerability instances reported in the first dynamic security assessment that have been fixed by the fixing of the at least one of the first set of vulnerability instances reported in the static security assessment;

identifying, by the computing device, one or more of a third set of vulnerability instances reported in the plurality of other dynamic security assessments that correspond to the at least one of the first set of vulnerability instances reported in the static security assessment by correlating one or more results of the plurality of other dynamic security assessments and the static security assessment;

determining, by the computing device, a shortest path to fix the one or more application vulnerabilities when one or more of the third set of vulnerability instances reported in the plurality of other dynamic security assessments correspond to at least one of the first set of vulnerability instances reported in the static security assessment; and

fixing, by the computing device, the one or more application vulnerabilities based on the correlation and the shortest path to fix the one or more application vulnerabilities.