COMPUTER SYSTEM FOR DISCOVERY OF VULNERABILITIES IN APPLICATIONS INCLUDING GUIDED TESTER PATHS BASED ON APPLICATION COVERAGE MEASURES

摘要

A testing system for testing computer system security includes control logic interposed between tester computers and a computer system under test. Tester computers are used by testers to test for security vulnerabilities of the computer system under test. A test results database contains records of tester interactions with the computer system under test and responses of the computer system under test to the tester interactions. A test mark database, coupled to the control logic, contains records related to granular elements of the computer system under test that are amenable to being tested for security vulnerabilities. Records of the test mark database indicate whether a corresponding granular element has been tested for security vulnerabilities. A coverage application, coupled to the test mark database, inputs data from the test mark database and outputs data indicating which granular elements of the computer system under test are to be tested.