| 摘要 |
A standardized system for assessing the security of web based applications which has a component for collecting information regarding threat and vulnerabilities to web applications is described. The system includes a component for organizing the information regarding threat and vulnerabilities to web applications into a uniform language so that the information is integrated throughout the entirety of the system. Further, the system has a component for expressing the information in a structured and uniform format of a hierarchical relationship between threat and vulnerabilities which includes threat vulnerability trees. The system includes a component for rating the threats and vulnerabilities under a uniform rating system. The system includes a component for integrating the information into both a storage component and also a presentation component for presenting the information. The presentation component presents the information in a graphical format which visually demonstrates the relationships between the threats and the vulnerabilities.
|
