-
Publication number: US11663341B2
Publication date: 2023-05-30
Application number: US16723479
Application date: 2019-12-20
Applicant: Amazon Technologies, Inc.
Inventor: Jon Arron McClintock, Alun Jones, Narasimha Rao Lakkakula
CPC classification number: G06F21/577, G06F8/71, G06F8/77, G06F11/3604
Abstract: Disclosed are various embodiments for tracking developer behavior with respect to software analysis tools. In one embodiment, a security analysis is performed upon a first revision of a program, where the security analysis is based at least in part on a plurality of rules. A first security issue found in the security analysis upon the first revision of the program is identified. The security analysis is performed upon a second revision of the program. A second security issue found in the security analysis upon the second revision of the program is identified. The rules are updated based at least in part on whether the first security issue is corrected in the second revision as determined based at least in part on a comparison of the first security issue to the second security issue.
-
Publication number: US09727736B1
Publication date: 2017-08-08
Application number: US14517018
Application date: 2014-10-17
Applicant: Amazon Technologies, Inc.
Inventor: Jon Arron McClintock, Alun Jones, Narasimha Rao Lakkakula
CPC classification number: G06F21/577, G06F8/71, G06F8/77, G06F11/36
Abstract: Disclosed are various embodiments for tracking developer behavior with respect to software analysis tools. In a first embodiment, issues with a first revision of a program are identified with an analysis tool. The configuration of the analysis tool may be updated based at least in part on a status of the issues in the second revision of the program. In a second embodiment, an analysis tool identifies issues with a program. A developer responsible for the issues is identified. A coding characteristic associated with the developer is then determined.
-
Publication number: US09923916B1
Publication date: 2018-03-20
Application number: US14741536
Application date: 2015-06-17
Applicant: Amazon Technologies, Inc.
Inventor: Jon McClintock, Alun Jones
CPC classification number: H04L63/1433, G06F21/00, H04L67/02
Abstract: Adaptive methods and systems are provided to scan websites/Web applications for vulnerabilities. The methods and systems identify a reference string in a first response web page and an authorized context in which the reference string appears. The first response web page is generated at least in part based on the reference string. An escape attempt input is determined based on the reference string and authorized context, and the escape attempt input is presented to the website. The methods and systems identify an escape attempt input in a second response web page and a candidate context in which the escape attempt input appears, wherein the second response web page is generated at least in part based on the escape attempt input. The methods and systems determine when the escape attempt input appears in an un-authorized context in the second response web page. The adaptive methods and systems herein efficiently identify website vulnerabilities, and thus may be run frequently, thereby resulting in improved security without excessively drawing upon website resources.
-
Publication number: US10528743B2
Publication date: 2020-01-07
Application number: US15651277
Application date: 2017-07-17
Applicant: Amazon Technologies, Inc.
Inventor: Jon Arron McClintock, Alun Jones, Narasimha Rao Lakkakula
Abstract: Disclosed are various embodiments for identifying characteristics of developers of problematic software. Report data generated by a security analysis tool is received, which is based at least in part on a security analysis of a program or an operational configuration. The report data indicates one or more security issues identified in the program or the operational configuration. A user is identified who is responsible for at least a threshold impact of the security issue(s). Coding or configuration characteristics associated with the user are then determined.