Abstract:
Identifying stored security vulnerabilities in computer software applications by providing, via a first interface of a computer software application and during execution of the application, test data having a characteristic of a malicious payload, where an interaction performed with the first interface resulted in data being written to a location within a persistent data store, and where an interaction performed with a second interface of the application resulted in data being read from that location, and identifying a stored security vulnerability associated with the application if the test data are written to the persistent data store at the location.
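The check the abstract describes, as an added example that is not code from the patent or from any product: a constructed comment application exposes a write interface (post_comment) and a read interface (render_comment) over the same cell of an in-memory stand-in for the persistent store. The tester pushes a tagged script payload through the write interface and then inspects the cell the read interface is known to read. The class names, the escape_on_write toggle and the probe tag are all assumptions made for the example.

```python
import html


class PersistentStore:
    """Stand-in for the persistent data store: rows keyed by id, then by column."""

    def __init__(self):
        self.rows = {}

    def write(self, key, column, value):
        self.rows.setdefault(key, {})[column] = value

    def read(self, key, column):
        return self.rows.get(key, {}).get(column)


class CommentApp:
    """Constructed application with two interfaces over one store location:
    post_comment (first interface) writes rows[comment_id]["body"],
    render_comment (second interface) reads the same cell back."""

    def __init__(self, store, escape_on_write=False):
        self.store = store
        self.escape_on_write = escape_on_write  # hypothetical toggle: hardened vs. vulnerable build

    def post_comment(self, comment_id, text):
        if self.escape_on_write:
            text = html.escape(text)
        self.store.write(comment_id, "body", text)

    def render_comment(self, comment_id):
        return "<div class='c'>%s</div>" % self.store.read(comment_id, "body")


def make_test_data(tag):
    """Test data with the characteristic of a malicious payload (a script element),
    carrying a unique tag so the check matches this write and not stale data."""
    return "<script>/*%s*/alert(1)</script>" % tag


def find_stored_vulnerability(app, store, comment_id="c1", tag="probe-7f3a"):
    """Write through the first interface, then inspect the location the second
    interface reads; flag a stored vulnerability if the payload persisted intact."""
    payload = make_test_data(tag)
    app.post_comment(comment_id, payload)            # interaction with the first interface
    stored = store.read(comment_id, "body")          # the location the read interface uses
    return {
        "stored_vulnerability": stored == payload,
        "stored_value": stored,
        "rendered": app.render_comment(comment_id),  # second-interface output, for the report
    }
```

The decision is taken on the store location rather than on the rendered output alone: output encoding in one reader would mask a payload that a different reader of the same cell may still emit unencoded.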
Abstract:
Crawling computer-based documents by performing static analysis on a computer-based document to identify within the computer-based document one or more execution vectors, where each execution vector includes a computer program segment including a call to an entity that is external to the computer-based document, and one or more additional computer program segments whose execution precedes and leads ultimately to execution of the computer program segment that includes the call to the entity, and causing any of the computer program segments in any of the execution vectors to be executed during a crawling of the computer-based document, and any computer program segment within the computer-based document that is excluded from the execution vectors to be excluded from execution during the crawling of the computer-based document.
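The execution-vector selection described above, as an added example that is not the patent's or any crawler's own code: a constructed call graph stands in for the result of statically analysing a page's scripts. Segments that call an entity outside the document (fetch, XMLHttpRequest.send and the like, an assumed list) are the sinks; the backward closure over callers gives the segments that lead to a sink, and each entry-to-sink path is one execution vector. The crawler is then told to trigger only segments on some vector. The segment names and the entry-point list are assumptions for the example.

```python
from collections import deque

# Calls that leave the document (assumed list of what the static analyser flags).
EXTERNAL_ENTITIES = {"fetch", "XMLHttpRequest.send", "window.open", "location.assign"}

# Constructed call graph: segment name -> names it calls (other segments or external entities).
CALL_GRAPH = {
    "onLoad":       ["initMenu", "loadFeed"],
    "initMenu":     ["toggleClass"],
    "toggleClass":  [],
    "loadFeed":     ["buildUrl", "fetch"],
    "buildUrl":     ["encodeURIComponent"],
    "onSubmit":     ["validateForm", "postForm"],
    "validateForm": ["toggleClass"],
    "postForm":     ["XMLHttpRequest.send"],
    "onMouseOver":  ["animate"],
    "animate":      ["toggleClass"],
}
# Segments the page wires to events; the crawler can only start execution here.
ENTRY_POINTS = ["onLoad", "onSubmit", "onMouseOver"]


def callers_of(graph):
    rev = {}
    for seg, callees in graph.items():
        for c in callees:
            rev.setdefault(c, set()).add(seg)
    return rev


def execution_vectors(graph, entries, external=EXTERNAL_ENTITIES):
    """One vector per entry-to-sink path: the segments whose execution precedes and
    leads to the segment containing the external call, plus that segment."""
    sinks = {s for s, callees in graph.items() if any(c in external for c in callees)}
    rev = callers_of(graph)
    leads_to_sink = set(sinks)            # backward closure: callers of sinks, their callers, ...
    work = deque(sinks)
    while work:
        seg = work.popleft()
        for caller in rev.get(seg, ()):
            if caller not in leads_to_sink:
                leads_to_sink.add(caller)
                work.append(caller)

    vectors = []

    def walk(path):
        seg = path[-1]
        if seg in sinks:
            vectors.append(list(path))
        for callee in graph.get(seg, ()):
            if callee in graph and callee in leads_to_sink and callee not in path:
                walk(path + [callee])

    for entry in entries:
        if entry in leads_to_sink:
            walk([entry])
    return vectors


def crawl_plan(graph, entries):
    """Split the document's segments into those the crawler triggers and those it skips."""
    vectors = execution_vectors(graph, entries)
    execute = {seg for v in vectors for seg in v}
    skip = set(graph) - execute
    return vectors, sorted(execute), sorted(skip)
```

In this model a helper such as buildUrl is not on any vector but still runs as part of loadFeed once the crawler triggers that segment; what the plan excludes are segments (and whole entry points such as onMouseOver) that never lead to an external call and so cannot reveal new content to crawl.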
Abstract:
Testing computer software applications is implemented by probing a computer software application to determine the presence in the computer software application of any data-checking features, and applying a rule to the data-checking features that are determined to be present in the computer software application, thereby producing a testing set of inputs. The testing set includes any sets of inputs that were used to test sets of data-checking software, where each of the sets of data-checking software includes one or more data sanitizers and/or data validators, and where the rule is configured to produce the testing set to include one or more of the sets of inputs when the rule is applied to any of the data-checking features. The computer software application is tested using the testing set.
Abstract:
Preparing a computer software application for static analysis by identifying a control flow within a model portion of a computer software application having a model-view-controller architecture, where the control flow passes a value to a controller portion of the computer software application, analyzing a declarative specification of the controller portion of the computer software application to identify a view to which the controller portion passes control based on the value, and synthesizing a method within the computer software application, where the method calls the view.
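The three steps above carried out on a toy input, as an added example that is not the patent's or any analyser's own code: the string literals a model method returns are the values passed to the controller; a declarative controller specification (a constructed XML fragment that imitates an action-mapping style but is not any framework's real schema) resolves each value to a view; and a Java method is synthesised that calls the model and then each view, so a static analyser sees one explicit path from model to view. The model source, the XML layout, the dispatch_ method name and the render() call are all assumptions for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed model method: the string it returns is the value handed to the controller.
MODEL_SOURCE = """
public String execute(LoginForm form) {
    if (users.check(form.user, form.pass)) { return "success"; }
    return "failure";
}
"""

# Constructed declarative controller spec (hypothetical format, not a real framework schema).
CONTROLLER_SPEC = """
<actions>
  <action path="/login" model="LoginModel" method="execute">
    <forward name="success" view="/WEB-INF/home.jsp"/>
    <forward name="failure" view="/WEB-INF/login.jsp"/>
  </action>
</actions>
"""


def values_passed_to_controller(source):
    """Control flows in the model that pass a value to the controller: string returns."""
    return sorted(set(re.findall(r'return\s+"([^"]*)"\s*;', source)))


def views_for(spec_xml, path):
    """Resolve each value to the view the controller passes control to."""
    root = ET.fromstring(spec_xml)
    for action in root.findall("action"):
        if action.get("path") == path:
            return {f.get("name"): f.get("view") for f in action.findall("forward")}
    raise KeyError(path)


def missing_forwards(values, view_map):
    """Values the model can return that the spec never maps to a view."""
    return [v for v in values if v not in view_map]


def synthesize_dispatch(path, model_class, method, values, view_map):
    """Emit a Java method that calls the model and then the view for each outcome.
    render() is a hypothetical view-invocation call the analyser is taught to model."""
    gaps = missing_forwards(values, view_map)
    if gaps:
        raise ValueError("no forward declared for %s" % ", ".join(gaps))
    lines = [
        "// synthesized for %s: not part of the application's own source" % path,
        "public void dispatch_%s(LoginForm form) {" % method,
        "    String outcome = new %s().%s(form);" % (model_class, method),
    ]
    for v in values:
        lines.append('    if ("%s".equals(outcome)) { render("%s", form); return; }' % (v, view_map[v]))
    lines.append("}")
    return "\n".join(lines)


def prepare(path="/login", model_class="LoginModel", method="execute"):
    values = values_passed_to_controller(MODEL_SOURCE)
    view_map = views_for(CONTROLLER_SPEC, path)
    return values, view_map, synthesize_dispatch(path, model_class, method, values, view_map)
```

A value the model can return but the spec does not map is reported rather than silently dropped: for the analyser that gap is a control flow it would otherwise never follow.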
Abstract:
A method, computer program product, and system for transforming unit tests is described. A unit test associated with one or more software units is identified. A first input parameter of the unit test is identified. A substitute parameter value is determined, wherein the substitute parameter value is associated with a security test for the one or more software units. A value of the first input parameter in the unit test is replaced with the substitute parameter value. The unit test including the substitute parameter value is implemented for the one or more software units. A first security issue associated with the one or more software units is identified, based upon, at least in part, replacing the first input parameter of the unit test with the substitute parameter value and implementing the unit test including the substitute parameter value.
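The transformation above applied to one unit test, as an added example that is not the patent's or any tool's own code: the unit test is held as data (unit, parameters, expectation) so that a single input parameter can be swapped for substitute values drawn from a security-test table, the transformed test is implemented against the unit, and the result is checked for a security issue. A naive path-building unit and a hardened variant are both constructed for the example; the parameter names, the substitute values and the issue checks are assumptions.

```python
import posixpath
import re


def build_report_path(base_dir, report_name):
    """Software unit under test (constructed, deliberately naive)."""
    return posixpath.join(base_dir, report_name + ".txt")


def build_report_path_hardened(base_dir, report_name):
    """Hardened variant: whitelist the name before it reaches the path join."""
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", report_name):
        raise ValueError("invalid report name")
    return posixpath.join(base_dir, report_name + ".txt")


# The original unit test, held as data so one input parameter can be swapped.
ORIGINAL_TEST = {
    "unit": build_report_path,
    "params": {"base_dir": "/var/reports", "report_name": "q1"},
    "expect": lambda out: out == "/var/reports/q1.txt",
}

# Substitute values associated with a security test of path-building units (constructed).
SUBSTITUTES = {"report_name": ["../../etc/passwd", "q1\x00.sh", "/etc/shadow"]}


def transform(test, param, value):
    """Replace the value of one input parameter; everything else stays as the unit test had it."""
    params = dict(test["params"])
    params[param] = value
    return {**test, "params": params}


def escapes_base(base_dir, out):
    base = posixpath.normpath(base_dir)
    target = posixpath.normpath(out)
    return not (target == base or target.startswith(base + "/"))


def run_security_tests(test=ORIGINAL_TEST, substitutes=SUBSTITUTES):
    """Implement each transformed unit test and report the security issues found."""
    assert test["expect"](test["unit"](**test["params"]))   # the untransformed test still passes
    issues = []
    for param, values in substitutes.items():
        for value in values:
            t = transform(test, param, value)
            try:
                out = t["unit"](**t["params"])
            except ValueError:
                continue                                    # input rejected: no issue
            if "\x00" in out:
                issues.append((param, value, "NUL byte reaches the path"))
            elif escapes_base(t["params"]["base_dir"], out):
                issues.append((param, value, "path escapes base dir: " + out))
    return issues
```

Keeping the original expectation in the loop matters: the transformed test reuses the unit test's fixtures and call shape, so a finding points at the exact call site the developer already tests, and the hardened unit is shown to pass both the original expectation and every substitute.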
Abstract:
A method, computer program product, and computer system for sending, by a first computing device, a payload from a plurality of payloads to a second computing device. A response from the second computing device responding to the payload is received at the first computing device. It is determined whether the payload has successfully attacked an application executing at the second computing device based upon, at least in part, the response. If not, at least a portion of the plurality of payloads that shares a structural overlap with the payload is identified. At least a second payload of the portion is prevented from being sent to the second computing device in response to identifying that the second payload shares the structural overlap with the payload.
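The pruning loop above, as an added example that is not the patent's or any scanner's own code: a structure() function reduces each payload to a signature (tag name, attribute names, payload kind) with literal values abstracted away; after a payload fails, every later payload with the same signature is withheld. The payload list, the signature function and the constructed target (a filter that strips script elements and onerror attributes) are assumptions for the example.

```python
import re

# Constructed payload list; the first three and the two <img> variants overlap structurally.
PAYLOADS = [
    "<script>alert(1)</script>",
    "<script>alert(2)</script>",
    "<ScRiPt>alert(1)</ScRiPt>",
    "<img src=x onerror=alert(1)>",
    "<img src=y onerror=alert(2)>",
    "<svg onload=alert(1)>",
    "javascript:alert(1)",
]


def structure(payload):
    """Structural signature: payload kind, lower-cased tag name and sorted attribute
    names. Literal values (alert(1) vs alert(2), x vs y) do not take part."""
    tag = re.match(r"<\s*([a-zA-Z]+)", payload)
    attrs = tuple(sorted(a.lower() for a in re.findall(r"\s([a-zA-Z]+)=", payload)))
    if tag:
        kind = "tag"
    elif payload.lower().startswith("javascript:"):
        kind = "js-url"
    else:
        kind = "other"
    return (kind, tag.group(1).lower() if tag else None, attrs)


def constructed_target(payload):
    """Stand-in for the application on the second device: drops <script> elements and
    neutralises onerror handlers, reflects everything else unchanged."""
    out = re.sub(r"<\s*script.*?</\s*script\s*>", "", payload, flags=re.I | re.S)
    out = re.sub(r"\sonerror=", " x=", out, flags=re.I)
    return out


def attacked(payload, response):
    """Success criterion for this target: the payload is reflected intact."""
    return response == payload


def run(payloads, target):
    blocked = set()
    sent, hits = [], []
    for p in payloads:
        sig = structure(p)
        if sig in blocked:
            continue                     # overlaps a failed payload: never sent
        sent.append(p)
        if attacked(p, target(p)):
            hits.append(p)
        else:
            blocked.add(sig)             # prevent structurally overlapping payloads
    return sent, hits
```

The signature granularity is the whole trade-off: with tag names lower-cased, the case-varied <ScRiPt> is pruned along with the plain <script>, which is right for this case-insensitive filter but would hide a case-sensitivity bypass against a different one. A signature that keeps case, or that only abstracts the JavaScript expression, prunes less and finds more of that kind.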