Structured Application Protection Process (SAPP)

Award Information
Agency:
Department of Defense
Branch:
Missile Defense Agency
Amount:
$99,815.00
Award Year:
2009
Program:
SBIR
Phase:
Phase I
Contract:
HQ0006-09-C-7166
Agency Tracking Number:
B083-042-0305
Solicitation Year:
2008
Solicitation Topic Code:
MDA08-042
Solicitation Number:
2008.3
Small Business Information
Sentar, Inc.
4900 University Square, Suite 8, Huntsville, AL, 35816
Hubzone Owned:
N
Socially and Economically Disadvantaged:
N
Woman Owned:
Y
Duns:
174265736
Principal Investigator
 Al Underbrink
 Senior Analyst
 (256) 430-0860
 aunderbrink@sentar.com
Business Contact
 Peter Kiss
Title: CEO
Phone: (256) 430-0860
Email: pkiss@sentar.com
Research Institution
N/A
Abstract
The Structured Application Protection Process (SAPP) system concept classifies software applications into domains. Each domain class represents different operational aspects of software – such as real-time response, data management, compute intensive, and user interactive – to correlates a likelihood of vulnerabilities with an application software type. A threat model is used to correlate attack vectors with vulnerabilities for prioritizing both penetration testing and operational monitoring. The threat model utilizes a standard classification of attack patterns to identify the attack vectors most likely to be used against known vulnerabilities. The correlation of threats with vulnerabilities produces a risk assessment which can be used in the development of a remediation strategy. The proposed project reduces technical risk by leveraging prior research and development and by using standard descriptions of vulnerabilities, weaknesses, and attack patterns. The innovation of the proposed concept is to make as efficient as possible the analysis and implementation of protecting application software.

* information listed above is at the time of submission.

Agency Micro-sites

US Flag An Official Website of the United States Government