公开(公告)号：US08768964B2

公开(公告)日：2014-07-01

申请号：US13047544

申请日：2011-03-14

Applicant: Robert Fly ,  Collin Greene ,  Brian Soby ,  James Dolph

Inventor： Robert Fly ,  Collin Greene ,  Brian Soby ,  James Dolph

IPC: G06F17/30

CPC classification number: H04L9/3234 ,  G06F21/577 ,  H04L63/1408

Abstract: Disclosed are systems, apparatus, methods, and computer readable media for analyzing computing site information. In one embodiment, an analysis tool for analyzing a first site record stored on a storage medium may be selected. The first site record comprising information may relate to a computing site. The computing site may comprise a unit of computing functionality accessible via a network. When it is determined that first confidentiality level for the computing site exceeds a trust level for the analysis tool, the first site record may be modified to create a second site record, the second site record having a second confidentiality level, the second confidentiality level not exceeding the trust level.

Abstract translation: 公开了用于分析计算站点信息的系统，装置，方法和计算机可读介质。 在一个实施例中，可以选择用于分析存储在存储介质上的第一站点记录的分析工具。 包括信息的第一站点记录可以涉及计算站点。 计算站点可以包括经由网络可访问的计算功能单元。 当确定计算站点的第一机密级别超过分析工具的信任级别时，可以修改第一站点记录以创建第二站点记录，第二站点记录具有第二机密级别，第二机密级别不是 超过信任级别。

公开(公告)号：US08701198B2

公开(公告)日：2014-04-15

申请号：US12854106

申请日：2010-08-10

Applicant: Collin Greene ,  Robert Fly ,  Varun Badhwar

Inventor： Collin Greene ,  Robert Fly ,  Varun Badhwar

IPC: G06F21/00

CPC classification number: G06F21/128 ,  G06F2221/033

Abstract: A system and method for performing security analysis on a software application. In one embodiment, a method includes receiving application architecture information for a software application; and determining an application type based on the application architecture information. The method also includes performing one or more security tests on the software application based on the application type and the application architecture information; and approving the software application to be available in an online marketplace if the software application passes the one or more security tests.

Abstract translation: 一种用于对软件应用程序执行安全性分析的系统和方法。 在一个实施例中，一种方法包括接收用于软件应用的应用架构信息; 以及基于所述应用架构信息确定应用类型。 该方法还包括基于应用类型和应用架构信息对软件应用执行一个或多个安全测试; 并且如果软件应用程序通过一个或多个安全测试，则批准软件应用程序在在线市场中可用。

公开(公告)号：US20110283356A1

公开(公告)日：2011-11-17

申请号：US13047549

申请日：2011-03-14

Applicant: Robert Fly ,  Collin Greene ,  Brian Soby ,  James Dolph

Inventor： Robert Fly ,  Collin Greene ,  Brian Soby ,  James Dolph

IPC: G06F21/22

CPC classification number: H04L9/3234 ,  G06F21/577 ,  H04L63/1408

Abstract: Disclosed are systems, apparatus, methods, and computer readable media for determining a combined trust level for a website. In one embodiment, a user account associated with the creation or maintenance of the website may be analyzed. The analysis of the user account may be capable of identifying the presence or absence of a first risk factor affecting a likelihood that the user account is engaged in a malicious activity. A source code file capable of being used to create a message for sending to a remote computing device may be analyzed. The analysis of the source code file may be capable of identifying the presence or absence of a second risk factor affecting a likelihood that the source code file is facilitating a malicious activity. Based on the analysis, a combined trust level for the website may be determined.

Abstract translation: 公开了用于确定网站的组合信任级别的系统，装置，方法和计算机可读介质。 在一个实施例中，可以分析与创建或维护网站相关联的用户帐户。 用户帐户的分析可能能够识别影响用户帐户参与恶意活动的可能性的第一风险因素的存在或不存在。 可以分析能够用于创建用于发送到远程计算设备的消息的源代码文件。 源代码文件的分析可能能够识别影响源代码文件促进恶意活动的可能性的第二风险因素的存在或不存在。 基于分析，可以确定网站的组合信任级别。

公开(公告)号：US20110282908A1

公开(公告)日：2011-11-17

申请号：US13047544

申请日：2011-03-14

Applicant: Robert Fly ,  Collin Greene ,  Brian Soby ,  James Dolph

Inventor： Robert Fly ,  Collin Greene ,  Brian Soby ,  James Dolph

IPC: G06F17/30

CPC classification number: H04L9/3234 ,  G06F21/577 ,  H04L63/1408

Abstract: Disclosed are systems, apparatus, methods, and computer readable media for analyzing computing site information. In one embodiment, an analysis tool for analyzing a first site record stored on a storage medium may be selected. The first site record comprising information may relate to a computing site. The computing site may comprise a unit of computing functionality accessible via a network. When it is determined that first confidentiality level for the computing site exceeds a trust level for the analysis tool, the first site record may be modified to create a second site record, the second site record having a second confidentiality level, the second confidentiality level not exceeding the trust level.

Abstract translation: 公开了用于分析计算站点信息的系统，装置，方法和计算机可读介质。 在一个实施例中，可以选择用于分析存储在存储介质上的第一站点记录的分析工具。 包括信息的第一站点记录可以涉及计算站点。 计算站点可以包括经由网络可访问的计算功能单元。 当确定计算站点的第一机密级别超过分析工具的信任级别时，可以修改第一站点记录以创建第二站点记录，第二站点记录具有第二机密级别，第二机密级别不是 超过信任级别。

公开(公告)号：US09507940B2

公开(公告)日：2016-11-29

申请号：US12854102

申请日：2010-08-10

Applicant: Collin Greene ,  Robert Fly

Inventor： Collin Greene ,  Robert Fly

IPC: G06F21/57 ,  G06F11/36

CPC classification number: G06F21/57 ,  G06F11/3688 ,  G06F2221/033

Abstract: A system and method for adapting a security tool for performing security analysis on a software application. In one embodiment, a method includes maintaining a registry of security tools; receiving code for a software application; and comparing component criteria for each security tool against each component of the software application, wherein the component criteria for each respective security tool indicate which components the respective security tool is designed to analyze for security vulnerabilities. The method also includes generating a tool-specific package for each component of the software application, wherein the tool-specific package comprises one or more security tools that are designed to analyze the respective component for security vulnerabilities.

Abstract translation: 一种用于调整用于对软件应用执行安全性分析的安全工具的系统和方法。 在一个实施例中，一种方法包括维护安全工具的注册表; 接收软件应用程序的代码; 以及将每个安全工具的组件标准与软件应用程序的每个组件进行比较，其中每个相应安全工具的组件标准指示相应的安全工具被设计为分析哪些组件的安全漏洞。 该方法还包括为软件应用程序的每个组件生成针对工具的包，其中该工具专用包包括一个或多个安全工具，该安全工具旨在分析相应组件的安全漏洞。

公开(公告)号：US08516591B2

公开(公告)日：2013-08-20

申请号：US13047549

申请日：2011-03-14

Applicant: Robert Fly ,  Collin Greene ,  Brian Soby ,  James Dolph

Inventor： Robert Fly ,  Collin Greene ,  Brian Soby ,  James Dolph

IPC: H04L29/06 ,  G06F21/00

CPC classification number: H04L9/3234 ,  G06F21/577 ,  H04L63/1408

Abstract: Disclosed are systems, apparatus, methods, and computer readable media for determining a combined trust level for a website. In one embodiment, a user account associated with the creation or maintenance of the website may be analyzed. The analysis of the user account may be capable of identifying the presence or absence of a first risk factor affecting a likelihood that the user account is engaged in a malicious activity. A source code file capable of being used to create a message for sending to a remote computing device may be analyzed. The analysis of the source code file may be capable of identifying the presence or absence of a second risk factor affecting a likelihood that the source code file is facilitating a malicious activity. Based on the analysis, a combined trust level for the website may be determined.

Abstract translation: 公开了用于确定网站的组合信任级别的系统，装置，方法和计算机可读介质。 在一个实施例中，可以分析与创建或维护网站相关联的用户帐户。 用户帐户的分析可能能够识别影响用户帐户参与恶意活动的可能性的第一风险因素的存在或不存在。 可以分析能够用于创建用于发送到远程计算设备的消息的源代码文件。 源代码文件的分析可能能够识别影响源代码文件促进恶意活动的可能性的第二风险因素的存在或不存在。 基于分析，可以确定网站的组合信任级别。

公开(公告)号：US20120042384A1

公开(公告)日：2012-02-16

申请号：US12854106

申请日：2010-08-10

Applicant: Varun Badhwar ,  Collin Greene ,  Robert Fly

Inventor： Varun Badhwar ,  Collin Greene ,  Robert Fly

IPC: G06F21/00

CPC classification number: G06F21/128 ,  G06F2221/033

Abstract: A system and method for performing security analysis on a software application. In one embodiment, a method includes receiving application architecture information for a software application; and determining an application type based on the application architecture information. The method also includes performing one or more security tests on the software application based on the application type and the application architecture information; and approving the software application to be available in an online marketplace if the software application passes the one or more security tests.

Abstract translation: 一种用于对软件应用程序执行安全性分析的系统和方法。 在一个实施例中，一种方法包括接收用于软件应用的应用架构信息; 以及基于所述应用架构信息确定应用类型。 该方法还包括基于应用类型和应用架构信息对软件应用执行一个或多个安全测试; 并且如果软件应用程序通过一个或多个安全测试，则批准软件应用程序在在线市场中可用。

公开(公告)号：US20120042383A1

公开(公告)日：2012-02-16

申请号：US12854102

申请日：2010-08-10

Applicant: Collin Greene ,  Robert Fly

Inventor： Collin Greene ,  Robert Fly

IPC: G06F11/00

CPC classification number: G06F21/57 ,  G06F11/3688 ,  G06F2221/033

Abstract: A system and method for adapting a security tool for performing security analysis on a software application. In one embodiment, a method includes maintaining a registry of security tools; receiving code for a software application; and comparing component criteria for each security tool against each component of the software application, wherein the component criteria for each respective security tool indicate which components the respective security tool is designed to analyze for security vulnerabilities. The method also includes generating a tool-specific package for each component of the software application, wherein the tool-specific package comprises one or more security tools that are designed to analyze the respective component for security vulnerabilities.

Abstract translation: 一种用于调整用于对软件应用执行安全性分析的安全工具的系统和方法。 在一个实施例中，一种方法包括维护安全工具的注册表; 接收软件应用程序的代码; 以及将每个安全工具的组件标准与软件应用程序的每个组件进行比较，其中每个相应安全工具的组件标准指示相应的安全工具被设计为分析哪些组件的安全漏洞。 该方法还包括为软件应用程序的每个组件生成针对工具的包，其中该工具专用包包括一个或多个安全工具，该安全工具旨在分析相应组件的安全漏洞。

公开(公告)号：US20110307452A1

公开(公告)日：2011-12-15

申请号：US12977593

申请日：2010-12-23

Applicant: Robert Fly ,  Collin Greene ,  Brendan O'Connor ,  Brian Soby

Inventor： Robert Fly ,  Collin Greene ,  Brendan O'Connor ,  Brian Soby

IPC: G06F17/30

CPC classification number: G06F21/577

Abstract: A system and method for performing code analysis in a database system. In one embodiment, a method includes receiving a request to scan code for a software application. The method further includes fetching metadata associated with a user, fetching the code for the software application, and scanning the code.

Abstract translation: 一种用于在数据库系统中执行代码分析的系统和方法。 在一个实施例中，一种方法包括接收扫描软件应用程序代码的请求。 该方法还包括获取与用户相关联的元数据，获取软件应用程序的代码以及扫描代码。