Structured Application Protection Process (SAPP)

Award Information
Agency:
Department of Defense
Branch
Missile Defense Agency
Amount:
$998,602.00
Award Year:
2010
Program:
SBIR
Phase:
Phase II
Contract:
HQ0006-10-C-7275
Award Id:
91608
Agency Tracking Number:
B083-042-0305
Solicitation Year:
n/a
Solicitation Topic Code:
MDA 08-042
Solicitation Number:
n/a
Small Business Information
315 Wynn Drive, Suite 1, Huntsville, AL, 35805
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
174265736
Principal Investigator:
Al Underbrink
Senior Analyst
(256) 430-0860
al.underbrink@sentar.com
Business Contact:
Sharon Yalowitz
Contracts Manager
(256) 430-0860
sharon.yalowitz@sentar.com
Research Institute:
n/a
Abstract
The Structured Application Protection Process (SAPP) system concept classifies software applications into domains. Each domain class represents different operational aspects of software - such as real-time response, data management, computationally-intensive, and user interactive - to correlate a likelihood of vulnerabilities with an application software type. A threat model is used to correlate attack vectors with vulnerabilities for prioritizing both penetration testing and operational monitoring. The threat model utilizes a standard classification of attack patterns to identify the attack vectors most likely to be used against known vulnerabilities. The correlation of threats with vulnerabilities produces a risk assessment which can be used in the development of a penetration testing strategy. The pen testing strategy is then automatically executed to identify likely vulnerabilities and weaknesses and how they may be remediated. The proposed project reduces technical risk by leveraging prior research and development and by using standard descriptions of vulnerabilities (CVE), weaknesses (CWE), and attack patterns (CAPEC). The innovation of the proposed concept is to make as efficient as possible the testing and verification of application software.

* information listed above is at the time of submission.

Agency Micro-sites


SBA logo

Department of Agriculture logo

Department of Commerce logo

Department of Defense logo

Department of Education logo

Department of Energy logo

Department of Health and Human Services logo

Department of Homeland Security logo

Department of Transportation logo

Enviromental Protection Agency logo

National Aeronautics and Space Administration logo

National Science Foundation logo
US Flag An Official Website of the United States Government