-
Publication No.: EP3241135A1
Publication date: 2017-11-08
Application No.: EP15875340.0
Application date: 2015-12-24
Applicant: Checkmarx Ltd.
IPC classification: G06F21/12
Abstract: A method for runtime self-protection of an application program includes, before running the application program, identifying input and output points in runtime code (24) of the program. The input points are instrumented so as to cause the program to sense and cache potentially malicious inputs to the program. The output points are instrumented so as to cause the program to detect outputs from the program corresponding to the cached inputs. While running the application program, upon detecting, at an instrumented output point, an output corresponding to a cached input, a vulnerability of a target of the output to the cached input is evaluated. A protective action is invoked upon determining that the output is potentially vulnerable to the cached input.
-
Publication No.: EP3401827A1
Publication date: 2018-11-14
Application No.: EP18171274.6
Application date: 2018-05-08
Applicant: Checkmarx Ltd.
CPC classification: G06F21/577, G06F11/3672, G06F17/30404, G06F2221/033
Abstract: A computer program is evaluated for security vulnerabilities by formulating a query in a query language and receiving into a memory of a computer source code of the computer program to be analyzed, preparing a data flow graph from the source code, and determining that the query is satisfied by an analysis of the data flow graph. Alternatively, the computer program is evaluated by collecting runtime events during an execution of binary code and determining that the query is satisfied by an analysis of the runtime events. In either case a security vulnerability is reported.
-
Publication No.: EP3245776A1
Publication date: 2017-11-22
Application No.: EP16737140.0
Application date: 2016-01-11
Applicant: Checkmarx Ltd.
Inventor: ROICHMAN, Alexander
CPC classification: G06F21/54, G06F8/658, G06F21/577, G06F2221/033, H04L63/1433
Abstract: A method for runtime analysis of a software program (24) written in a scripting language. The method includes, before running the software program, adding patching code in the scripting language to the software program so as to define a proxy method that is to run in place of an existing method in the software program and comprises logic configured to provide information that is associated with operation of the existing method at runtime. Upon running the software program with the added patching code on a computer (32), the information provided by the logic in the proxy method is received and acted upon.
-
Publication No.: EP3433782A1
Publication date: 2019-01-30
Application No.: EP17769530.1
Application date: 2017-03-07
Applicant: Checkmarx Ltd.
Abstract: A method for testing a software application program (22) includes recording a sequence of functional tests (28) that are applied to the program and automatically identifying and collapsing sessions within the recorded functional tests. Modified tests are created by replacing parameters in the collapsed sessions with malicious inputs. The modified tests are applied to the program in order to detect security vulnerabilities in the program.
-
Publication No.: EP3566166A1
Publication date: 2019-11-13
Application No.: EP18736396.5
Application date: 2018-01-01
Applicant: Checkmarx Ltd.
IPC classification: G06F21/57