-
1.发明授权Apparatus and method for performing dynamic security testing using static analysis data 有权使用静态分析数据进行动态安全测试的装置和方法公开(公告)号:US08528093B1
公开(公告)日:2013-09-03
申请号:US11734114
申请日:2007-04-11
Applicant: Toshinari Kureha , Koorosh Nouri , Arthur Do , Brian Chess , Roger Thornton
Inventor: Toshinari Kureha , Koorosh Nouri , Arthur Do , Brian Chess , Roger Thornton
IPC: H04L29/06
CPC classification number: H04L63/1416
Abstract: A computer readable storage medium includes executable instructions to perform a static analysis of a set of target code to identify a first set of security issues. A dynamic analysis of the target code is executed to identify a second set of security issues. The first set of security issues and the second set of security issues are compared and common security issues are reported.
Abstract translation: 计算机可读存储介质包括执行一组目标代码的静态分析以识别第一组安全问题的可执行指令。 执行目标代码的动态分析以识别第二组安全问题。 比较第一组安全问题和第二组安全问题,并报告常见的安全问题。
-
2.发明申请Apparatus and method for analyzing and supplementing a program to provide security 有权用于分析和补充程序以提供安全性的装置和方法公开(公告)号:US20070074169A1
公开(公告)日:2007-03-29
申请号:US11510135
申请日:2006-08-25
Applicant: Brian Chess , Arthur Do , Roger Thornton
Inventor: Brian Chess , Arthur Do , Roger Thornton
IPC: G06F9/44
CPC classification number: G06F21/563 , G06F21/54 , H04L63/1433 , H04L63/1483 , H04L67/02
Abstract: A computer readable storage medium has executable instructions to perform an automated analysis of program instructions. The automated analysis includes at least two analyses selected from an automated analysis of injection vulnerabilities, an automated analysis of potential repetitive attacks, an automated analysis of sensitive information, and an automated analysis of specific HTTP attributes. Protective instructions are inserted into the program instructions. The protective instructions are utilized to detect and respond to attacks during execution of the program instructions.
Abstract translation: 计算机可读存储介质具有执行程序指令的自动分析的可执行指令。 自动分析包括从注入漏洞的自动化分析,潜在重复攻击的自动化分析,敏感信息的自动分析和特定HTTP属性的自动分析中选择的至少两项分析。 保护说明被插入到程序指令中。 保护性指令用于在执行程序指令期间检测并响应攻击。
-
公开(公告)号:US20050273859A1
公开(公告)日:2005-12-08
申请号:US11009474
申请日:2004-12-10
Applicant: Brian Chess , Arthur Do , Sean Fay , Roger Thornton
Inventor: Brian Chess , Arthur Do , Sean Fay , Roger Thornton
CPC classification number: G06F21/577
Abstract: A computer readable medium includes executable instructions to analyze program instructions for security vulnerabilities. Executable instructions identify potential security vulnerabilities within program instructions based upon input from an attack database and information derived during a static analysis of the program instructions. Vulnerability tests are applied to the program instructions in view of the security vulnerabilities. Performance results from the vulnerability tests are analyzed. The performance results are then reported.
Abstract translation: 计算机可读介质包括用于分析用于安全漏洞的程序指令的可执行指令。 可执行指令根据攻击数据库的输入和在程序指令的静态分析期间导出的信息来识别程序指令中的潜在安全漏洞。 考虑到安全漏洞,漏洞测试将应用于程序指令。 分析漏洞测试的性能结果。 然后报告性能结果。
-
公开(公告)号:US09400889B2
公开(公告)日:2016-07-26
申请号:US11733169
申请日:2007-04-09
Applicant: Brian Chess , Arthur Do , Sean Fay , Roger Thornton
Inventor: Brian Chess , Arthur Do , Sean Fay , Roger Thornton
CPC classification number: G06F21/577 , G06F9/44 , G06F11/3604 , G06F11/3612 , G06F21/563 , G06F2221/033
Abstract: A computer readable medium includes executable instructions to analyze program instructions for security vulnerabilities. The executable instructions convert diverse program instruction formats to a common format. A system model is derived from the common format. A static analysis is performed on the system model to identify security vulnerabilities. Security vulnerabilities are then reported.
Abstract translation: 计算机可读介质包括用于分析用于安全漏洞的程序指令的可执行指令。 可执行指令将各种程序指令格式转换为通用格式。 系统模型是从通用格式导出的。 对系统模型执行静态分析以识别安全漏洞。 然后报告安全漏洞。
-
公开(公告)号:US07975306B2
公开(公告)日:2011-07-05
申请号:US11009572
申请日:2004-12-10
Applicant: Brian Chess , Arthur Do , Sean Fay , Roger Thornton
Inventor: Brian Chess , Arthur Do , Sean Fay , Roger Thornton
IPC: G06F11/00
CPC classification number: G06F21/54 , G06F21/577 , G06F2221/2101
Abstract: A computer readable medium includes executable instructions to analyze program instructions for security vulnerabilities. The executable instructions perform a security audit of program instructions. Based upon the security audit, sensors are inserted into the program instructions. The program instructions are executable and the sensors generate a stream of security events. The stream of security events is monitored and security performance results are reported.
Abstract translation: 计算机可读介质包括用于分析用于安全漏洞的程序指令的可执行指令。 可执行指令执行程序指令的安全审核。 基于安全审核,传感器被插入到程序指令中。 程序指令是可执行的,并且传感器产生安全事件流。 监控安全事件流,并报告安全性能结果。
-
Patent Agency Ranking
6.发明申请Apparatus and method for developing, testing and monitoring secure software 审中-公开用于开发,测试和监控安全软件的装置和方法公开(公告)号:US20050273860A1
公开(公告)日:2005-12-08
申请号:US11009570
申请日:2004-12-10
Applicant: Brian Chess , Arthur Do , Sean Fay , Roger Thornton
Inventor: Brian Chess , Arthur Do , Sean Fay , Roger Thornton
CPC classification number: G06F21/577
Abstract: A method of analyzing program instructions for security vulnerabilities includes applying a static analysis to program instructions during a development phase of the program instructions to identify security vulnerabilities. The security vulnerabilities are used to apply a security test to the program instructions during a testing phase of the program instructions. The security vulnerabilities are analyzed to develop security monitoring criteria to apply to the program instructions during a deployment phase of the program instructions.
Abstract translation: 分析用于安全漏洞的程序指令的方法包括在程序指令的开发阶段对程序指令应用静态分析以识别安全漏洞。 安全漏洞用于在程序指令的测试阶段对程序指令应用安全测试。 分析安全漏洞以开发安全监控标准,以在程序指令的部署阶段应用程序指令。
-
公开(公告)号:US20050273854A1
公开(公告)日:2005-12-08
申请号:US11010146
申请日:2004-12-10
Applicant: Brian Chess , Arthur Do , Sean Fay , Roger Thornton
Inventor: Brian Chess , Arthur Do , Sean Fay , Roger Thornton
CPC classification number: G06F21/577 , G06F11/3612
Abstract: A computer readable medium includes executable instructions to analyze program instructions for security vulnerabilities. The executable instructions convert diverse program instruction formats to a common format. A system model is derived from the common format. A static analysis is performed on the system model to identify security vulnerabilities. Security vulnerabilities are then reported.
Abstract translation: 计算机可读介质包括用于分析用于安全漏洞的程序指令的可执行指令。 可执行指令将各种程序指令格式转换为通用格式。 系统模型是从通用格式导出的。 对系统模型执行静态分析以识别安全漏洞。 然后报告安全漏洞。
-
8.发明授权Apparatus and method for analyzing and supplementing a program to provide security 有权用于分析和补充程序以提供安全性的装置和方法公开(公告)号:US08347392B2
公开(公告)日:2013-01-01
申请号:US11510135
申请日:2006-08-25
Applicant: Brian Chess , Arthur Do , Roger Thornton
Inventor: Brian Chess , Arthur Do , Roger Thornton
CPC classification number: G06F21/563 , G06F21/54 , H04L63/1433 , H04L63/1483 , H04L67/02
Abstract: A computer readable storage medium has executable instructions to perform an automated analysis of program instructions. The automated analysis includes at least two analyses selected from an automated analysis of injection vulnerabilities, an automated analysis of potential repetitive attacks, an automated analysis of sensitive information, and an automated analysis of specific HTTP attributes. Protective instructions are inserted into the program instructions. The protective instructions are utilized to detect and respond to attacks during execution of the program instructions.
Abstract translation: 计算机可读存储介质具有执行程序指令的自动分析的可执行指令。 自动分析包括从注入漏洞的自动化分析,潜在重复攻击的自动化分析,敏感信息的自动分析和特定HTTP属性的自动分析中选择的至少两项分析。 保护说明被插入到程序指令中。 保护性指令用于在执行程序指令期间检测并响应攻击。
-
公开(公告)号:US07207065B2
公开(公告)日:2007-04-17
申请号:US11010146
申请日:2004-12-10
Applicant: Brian Chess , Arthur Do , Sean Fay , Roger Thornton
Inventor: Brian Chess , Arthur Do , Sean Fay , Roger Thornton
CPC classification number: G06F21/577 , G06F11/3612
Abstract: A computer readable medium includes executable instructions to analyze program instructions for security vulnerabilities. The executable instructions convert diverse program instruction formats to a common format. A system model is derived from the common format. A static analysis is performed on the system model to identify security vulnerabilities. Security vulnerabilities are then reported.
Abstract translation: 计算机可读介质包括用于分析用于安全漏洞的程序指令的可执行指令。 可执行指令将各种程序指令格式转换为通用格式。 系统模型是从通用格式导出的。 对系统模型执行静态分析以识别安全漏洞。 然后报告安全漏洞。
-
公开(公告)号:US20050273861A1
公开(公告)日:2005-12-08
申请号:US11009572
申请日:2004-12-10
Applicant: Brian Chess , Arthur Do , Sean Fay , Roger Thornton
Inventor: Brian Chess , Arthur Do , Sean Fay , Roger Thornton
CPC classification number: G06F21/54 , G06F21/577 , G06F2221/2101
Abstract: A computer readable medium includes executable instructions to analyze program instructions for security vulnerabilities. The executable instructions perform a security audit of program instructions. Based upon the security audit, sensors are inserted into the program instructions. The program instructions are executable and the sensors generate a stream of security events. The stream of security events is monitored and security performance results are reported.
Abstract translation: 计算机可读介质包括用于分析用于安全漏洞的程序指令的可执行指令。 可执行指令执行程序指令的安全审核。 基于安全审核,传感器被插入到程序指令中。 程序指令是可执行的,并且传感器产生安全事件流。 监控安全事件流,并报告安全性能结果。
-
-
-
-
-
-
-
-
-
Search Results
11
records
(took 0.023 seconds)
