| CPC G06F 21/604 (2013.01) [G06F 11/3688 (2013.01)] | 20 Claims |

1. A system for automatically training a security analysis component to evaluate an application under test (AUT) for compliance with a security context, comprising:
at least one processor of a number of processors that accesses instructions maintained in a non-transitory memory, that, when executed by the at least one processor of the number of processors, cause the at least one processor of the number of processors to:
access the security context defining protected data, the protected data comprising one or more datum of a set of data;
generate a set of rules defining risks to the protected data, wherein the risks comprise usages of the protected data;
configure the security analysis component with the set of rules for testing the AUT for compliance with the security context; and
in response to receiving a request for a requested datum of the set of data, the security analysis component selectively returns or declines the requested datum in accordance with evaluating the requested datum with the set of rules; and
wherein the security analysis component performs tests on the AUT comprising identifying a call path utilizing the protected data, in accordance with the set of rules, and wherein the call path defines steps in the AUT and the AUT comprises source code; and
wherein the call path that accesses the protected data is marked with a taint flag and wherein the taint flag is assigned to all subsequent manipulations originating from the protected data.