公开(公告)号：US20150040229A1

公开(公告)日：2015-02-05

申请号：US13959640

申请日：2013-08-05

Applicant: Netflix, Inc.

Inventor： Jason Chan ,  Patrick Kelley ,  Benjamin Hagen ,  Samuel Reed

IPC: G06F21/57

CPC classification number: G06F21/577

Abstract: A method and system for discovering and testing security assets is provided. Based on source definition data describing sources to monitor on the one or more computer networks, an example system scans the sources to identify security assets. The system analyses the security assets to identify characteristics of the server-based applications. The system stores database records describing the security assets and the identified characteristics. The system queries the database records to select, based at least on the identified characteristics, one or more target assets, from the security assets, on which to conduct one or more security tests. Responsive to selecting the one or more target assets, the system conducts the one or more security tests on the one or more target assets. The system identifies one or more security vulnerabilities at the one or more target assets based on the conducted one or more security tests.

Abstract translation: 提供了一种发现和测试安全资产的方法和系统。 基于描述在一个或多个计算机网络上监视的源的源定义数据，示例系统扫描源以识别安全资产。 系统分析安全资产以识别基于服务器的应用程序的特征。 系统存储描述安全资产和识别的特征的数据库记录。 系统查询数据库记录，至少基于所识别的特征，从进行一次或多次安全测试的安全资产中选择一个或多个目标资产。 响应于选择一个或多个目标资产，系统对一个或多个目标资产进行一次或多次安全测试。 该系统基于所进行的一个或多个安全测试来识别一个或多个目标资产上的一个或多个安全漏洞。

公开(公告)号：US09990499B2

公开(公告)日：2018-06-05

申请号：US13959640

申请日：2013-08-05

Applicant: Netflix, Inc.

Inventor： Jason Chan ,  Patrick Kelley ,  Benjamin Hagen ,  Samuel Reed

IPC: G06F21/57

CPC classification number: G06F21/577

Abstract: A method and system for discovering and testing security assets is provided. Based on source definition data describing sources to monitor on the one or more computer networks, an example system scans the sources to identify security assets. The system analyses the security assets to identify characteristics of the server-based applications. The system stores database records describing the security assets and the identified characteristics. The system queries the database records to select, based at least on the identified characteristics, one or more target assets, from the security assets, on which to conduct one or more security tests. Responsive to selecting the one or more target assets, the system conducts the one or more security tests on the one or more target assets. The system identifies one or more security vulnerabilities at the one or more target assets based on the conducted one or more security tests.

公开(公告)号：US10769282B2

公开(公告)日：2020-09-08

申请号：US15997623

申请日：2018-06-04

Applicant: NETFLIX, INC.

Inventor： Jason Chan ,  Patrick Kelley ,  Benjamin Hagen ,  Samuel Reed

IPC: G06F21/57

Abstract: A method and system for discovering and testing security assets is provided. Based on source definition data describing sources to monitor on the one or more computer networks, an example system scans the sources to identify security assets. The system analyses the security assets to identify characteristics of the server-based applications. The system stores database records describing the security assets and the identified characteristics. The system queries the database records to select, based at least on the identified characteristics, one or more target assets, from the security assets, on which to conduct one or more security tests. Responsive to selecting the one or more target assets, the system conducts the one or more security tests on the one or more target assets. The system identifies one or more security vulnerabilities at the one or more target assets based on the conducted one or more security tests.

公开(公告)号：US20180349615A1

公开(公告)日：2018-12-06

申请号：US15997623

申请日：2018-06-04

Applicant: NETFLIX, INC.

Inventor： Jason Chan ,  Patrick Kelley ,  Benjamin Hagen ,  Samuel Reed

IPC: G06F21/57

Abstract: A method and system for discovering and testing security assets is provided. Based on source definition data describing sources to monitor on the one or more computer networks, an example system scans the sources to identify security assets. The system analyses the security assets to identify characteristics of the server-based applications. The system stores database records describing the security assets and the identified characteristics. The system queries the database records to select, based at least on the identified characteristics, one or more target assets, from the security assets, on which to conduct one or more security tests. Responsive to selecting the one or more target assets, the system conducts the one or more security tests on the one or more target assets. The system identifies one or more security vulnerabilities at the one or more target assets based on the conducted one or more security tests.