US Patent 11907378 Automated application vulnerability and risk assessment

Embodiments assess security vulnerability of an application. An embodiment runs one or more static and dynamic analysis tools on the application to generate a static vulnerability report and a dynamic vulnerability report. In turn, code of the application is decompiled to identify code of the application that accepts user input. One or more vulnerabilities of the application are determined using the identified code of the application that accepts user input and a vulnerability report is generated that indicates the one or more vulnerabilities of the application determined using the identified code of the application that accepts user input. A final static vulnerability report and a final dynamic vulnerability report are generated based on the static and dynamic vulnerability reports and the generated vulnerability report indicating the one or more vulnerabilities of the application determined using the identified code of the application that accepts user input.