The present invention relates generally to the field of security analysis, and more particularly to automatically tuning the configuration of security analysis tools based on correlation analysis.
Security analysis tools may be used to test an Internet application for security vulnerabilities during the development process of the application. Testing for security issues during development is beneficial as it is less expensive to fix such problems during development or before an application is released. The security analysis tools learn the behavior of each application being tested, whether an off-the-shelf application or an internally developed application, and develops a program intended to test all of the functions of the application for both general security issues and application-specific vulnerabilities.