公开(公告)号：US20130174262A1

公开(公告)日：2013-07-04

申请号：US13431808

申请日：2012-03-27

申请人： Yair Amit ,  Lotem Guy ,  Daniel Kalman ,  Ori Segal ,  Omri Weisman

发明人： Yair Amit ,  Lotem Guy ,  Daniel Kalman ,  Ori Segal ,  Omri Weisman

IPC分类号： G06F21/00 ,  G06F17/00

CPC分类号： G06F21/577 ,  G06F2221/033

摘要： Source code of a plurality of web pages including script code is statically analyzed. A page including a potential vulnerability is identified based on the static analysis. A page not including a potential vulnerability is identified based on the static analysis. The web page including the potential vulnerability is dynamically analyzed using a set of test payloads. The page not including the potential vulnerability is dynamically analyzed using a subset of the set of test payloads, the subset including fewer test payloads than the set of test payloads.

公开(公告)号：US20130081002A1

公开(公告)日：2013-03-28

申请号：US13246260

申请日：2011-09-27

申请人： DANIEL KALMAN ,  DMITRI PIKUS ,  OMER TRIPP ,  OMRI WEISMAN

发明人： DANIEL KALMAN ,  DMITRI PIKUS ,  OMER TRIPP ,  OMRI WEISMAN

IPC分类号： G06F9/44

CPC分类号： G06F21/52 ,  G06F8/51 ,  G06F8/75 ,  G06F11/3604

摘要： Performing data flow analysis of a computer software application, including, for a data flow analysis type, identifying within a computer software application code base a plurality of seeds relating to the data flow analysis type, for each of the plurality of seeds, defining a portion of the computer software application code base to a predefined depth of calls backward from the seed and to a predefined depth of calls forward from the seed, thereby resulting in a plurality of bounded portions of the computer software application code base, detecting a change in the computer software application code base, and performing, on any of the bounded portions affected by the change, a data flow analysis relating to the data flow analysis type.

公开(公告)号：US20120054724A1

公开(公告)日：2012-03-01

申请号：US12873219

申请日：2010-08-31

申请人： Daniel Kalman ,  Marco Pistoia ,  Guy Podjarny ,  Omer Tripp ,  Omri Weisman

发明人： Daniel Kalman ,  Marco Pistoia ,  Guy Podjarny ,  Omer Tripp ,  Omri Weisman

IPC分类号： G06F9/44

CPC分类号： G06F8/75 ,  G06F11/3604 ,  G06F21/577

摘要： A system, method and computer program product for incremental static analysis, including a change impact analyzer for identifying a changed portion of a computer software (e.g., an application), where the changed portion was changed subsequent to performing a static analysis on the application, a static analysis result invalidator for invalidating any static analysis result that is dependent on the changed portion, and an incremental static analyzer for performing a first incremental static analysis on at least the changed portion, presenting the results of the first incremental static analysis, receiving a request to provide additional information regarding a selected result of the first incremental static analysis, performing, responsive to receiving the request, a second incremental static analysis on any portion of the application to gather the additional information, and presenting results of the second incremental static analysis, thereby providing the additional information regarding the selected result of the first incremental static analysis.

摘要翻译： 一种用于增量静态分析的系统，方法和计算机程序产品，包括用于识别计算机软件（例如，应用程序）的改变部分的变化影响分析器，其中在对应用执行静态分析之后改变部分被改变， 静态分析结果无效器，用于使依赖于改变的部分的任何静态分析结果无效;以及增量静态分析器，用于至少对所述改变的部分执行第一增量静态分析，呈现第一增量静态分析的结果， 请求提供关于第一增量静态分析的选定结果的附加信息，响应于接收到请求执行，对应用的任何部分进行第二增量静态分析以收集附加信息，以及呈现第二增量静态分析的结果 ，从而提供附加信息rega 选择第一个增量静态分析的结果。

公开(公告)号：US20100035945A1

公开(公告)日：2010-02-11

申请号：US11720971

申请日：2005-12-06

申请人： Xiaodong Cheng ,  John R. Horton ,  Zhe Yang ,  Daniel Kalman ,  Xing Zhang ,  Stanley Hattman ,  Albert Jeltsch

发明人： Xiaodong Cheng ,  John R. Horton ,  Zhe Yang ,  Daniel Kalman ,  Xing Zhang ,  Stanley Hattman ,  Albert Jeltsch

IPC分类号： A61K31/427 ,  G06G7/60 ,  C12N9/10 ,  A61P31/04

CPC分类号： C12Q1/18 ,  C12Q1/48 ,  G01N2333/91017 ,  G01N2500/04 ,  G16B15/00 ,  G16C20/50

摘要： Disclosed are compounds, crystal structures, data representations, methods of using, and methods of identifying compounds in relation to DNA methylation and inhibition of methylation. In embodiments, DNA methylation is by DNA-adenine methyltransferases (Dam). In an embodiment, compounds are used to treat a host suspected of infection by a pathogenic organism. In an embodiment, virulence of a pathogenic bacterium is modified by treatment with an agent capable of inhibiting a bacterial Dam enzyme. In an embodiment, compounds and methods are disclosed regarding Dam inhibitors.

摘要翻译： 公开了化合物，晶体结构，数据表示，使用方法以及鉴定与DNA甲基化和抑制甲基化有关的化合物的方法。 在实施方案中，DNA甲基化是通过DNA-腺嘌呤甲基转移酶（Dam）。 在一个实施方案中，化合物用于治疗疑似感染病原体的宿主。 在一个实施方案中，通过用能够抑制细菌大米酶的试剂处理来修饰致病细菌的毒力。 在一个实施方案中，公开了关于Dam抑制剂的化合物和方法。

公开(公告)号：US08819644B2

公开(公告)日：2014-08-26

申请号：US13411771

申请日：2012-03-05

申请人： Daniel Kalman ,  Dmitri Pikus ,  Omer Tripp ,  Omri Weisman

发明人： Daniel Kalman ,  Dmitri Pikus ,  Omer Tripp ,  Omri Weisman

IPC分类号： G06F9/44

CPC分类号： G06F21/52 ,  G06F8/51 ,  G06F8/75 ,  G06F11/3604

摘要： Performing data flow analysis of a computer software application, including, for a data flow analysis type, identifying within a computer software application code base a plurality of seeds relating to the data flow analysis type, for each of the plurality of seeds, defining a portion of the computer software application code base to a predefined depth of calls backward from the seed and to a predefined depth of calls forward from the seed, thereby resulting in a plurality of bounded portions of the computer software application code base, detecting a change in the computer software application code base, and performing, on any of the bounded portions affected by the change, a data flow analysis relating to the data flow analysis type.

公开(公告)号：US20130205399A1

公开(公告)日：2013-08-08

申请号：US13563376

申请日：2012-07-31

申请人： DANIEL KALMAN ,  ORY SEGAL ,  OMER TRIPP ,  OMRI WEISMAN

发明人： DANIEL KALMAN ,  ORY SEGAL ,  OMER TRIPP ,  OMRI WEISMAN

IPC分类号： G06F21/00

CPC分类号： G06F21/577 ,  G06F21/10 ,  G06F2221/034 ,  H04L63/1433

摘要： Performing security analysis on a computer program under test (CPUT). The CPUT can be analyzed to identify data pertinent to potential security vulnerabilities of the CPUT. At least a first unit test configured to test a particular unit of program code within the CPUT can be automatically synthesized. The first unit test can be configured to initialize at least one parameter used by the particular unit of program code within the CPUT, and can be provided at least a first test payload configured to exploit at least one potential security vulnerability of the CPUT. The first unit test can be dynamically processed to communicate the first test payload to the particular unit of program code within the CPUT. Whether the first test payload exploits an actual security vulnerability of the CPUT can be determined, and a security analysis report can be output.

摘要翻译： 对被测电脑程式（CPUT）执行安全性分析。 可以分析CPUT以识别与CPUT的潜在安全漏洞相关的数据。 至少可以自动合成在CPUT内测试程序代码的特定单位的第一单元测试。 可以将第一单元测试配置为初始化由CPUT内的程序代码的特定单元使用的至少一个参数，并且可以提供至少一个被配置为利用CPUT的至少一个潜在安全漏洞的第一测试负载。 可以动态地处理第一单元测试，以将第一测试有效负载传送到CPUT内的程序代码的特定单元。 是否可以确定第一个测试有效负载是否利用CPUT的实际安全漏洞，并可以输出安全分析报告。

公开(公告)号：US20130139267A1

公开(公告)日：2013-05-30

申请号：US13440416

申请日：2012-04-05

申请人： Yair Amit ,  Daniel Kalman ,  Omer Tripp

发明人： Yair Amit ,  Daniel Kalman ,  Omer Tripp

IPC分类号： G06F21/00

CPC分类号： H04L63/1433 ,  H04L63/145 ,  H04L67/02 ,  H04W12/12

摘要： A method, computer program product, and system for detecting vulnerabilities in web applications is described. A method may comprise determining one or more values associated with a web application that flow to response data associated with the web application. The one or more values may be modifiable by unreliable input. The method may further comprise generating a representation of the response data associated with the web application. The method may additionally comprise determining one or more potentially vulnerable portions of the response data based upon, at least in part, the one or more values modifiable by the unreliable input that flow to the response data associated with the web application, and the representation of the response data associated with the web application.

摘要翻译： 描述了一种用于检测Web应用程序中的漏洞的方法，计算机程序产品和系统。 方法可以包括确定与web应用程序相关联的一个或多个值，其流向与web应用相关联的响应数据。 一个或多个值可能由不可靠的输入修改。 该方法还可以包括生成与web应用相关联的响应数据的表示。 该方法可以另外包括至少部分地基于流向与web应用相关联的响应数据的不可靠输入可修改的一个或多个值来确定响应数据的一个或多个潜在易受攻击的部分，以及 与Web应用程序相关联的响应数据。

公开(公告)号：US20130111449A1

公开(公告)日：2013-05-02

申请号：US13281653

申请日：2011-10-26

申请人： Yinnon A. HAVIV ,  Daniel KALMAN ,  Dmitri PIKUS ,  Omer TRIPP ,  Omri WEISMAN

发明人： Yinnon A. HAVIV ,  Daniel KALMAN ,  Dmitri PIKUS ,  Omer TRIPP ,  Omri WEISMAN

IPC分类号： G06F9/44

CPC分类号： G06F8/443 ,  G06F8/75 ,  G06F11/3604

摘要： Statically analyzing a computer software application can include identifying a plurality of objects within the instructions of a computer software application, where the objects in the plurality of objects are of the same object type, and preparing a modified version of the instructions in which any of the objects in the plurality of objects determined to be extraneous is omitted.

摘要翻译： 静态分析计算机软件应用程序可以包括识别计算机软件应用程序的指令内的多个对象，其中多个对象中的对象具有相同的对象类型，并且准备指令的修改版本，其中， 被确定为无关的多个对象中的对象被省略。

公开(公告)号：US20130007887A1

公开(公告)日：2013-01-03

申请号：US13430013

申请日：2012-03-26

申请人： YINNON A. HAVIV ,  DANIEL KALMAN ,  DMITRI PIKUS ,  OMER TRIPP ,  OMRI WEISMAN

发明人： YINNON A. HAVIV ,  DANIEL KALMAN ,  DMITRI PIKUS ,  OMER TRIPP ,  OMRI WEISMAN

IPC分类号： G06F21/00 ,  G06F15/16

CPC分类号： G06F21/577 ,  H04L63/1433 ,  H04L63/1441

摘要： Detecting security vulnerabilities in web applications by interacting with a web application at a computer server during its execution at the computer server, identifying client-side instructions provided by the web application responsive to an interaction with the web application, where the client-side instructions are configured to be implemented by a client computer that receives the client-side instructions from the computer server, evaluating the identified client-side instructions, and identifying a security vulnerability associated with the client-side instructions.

公开(公告)号：US20110274651A1

公开(公告)日：2011-11-10

申请号：US13061447

申请日：2009-09-04

申请人： Cory Acuff ,  Daniel Kalman

发明人： Cory Acuff ,  Daniel Kalman

IPC分类号： A61K31/4355 ,  A61K31/5377 ,  A61K31/4725 ,  A61K31/506 ,  A61K39/395 ,  A61K31/7088 ,  A61K31/7105 ,  A61K38/21 ,  A61K31/7028 ,  A61K31/4353 ,  A61K31/407 ,  A61K31/545 ,  A61K38/02 ,  A61K31/397 ,  A61K31/43 ,  A61K31/65 ,  A61K31/7048 ,  A61K31/513 ,  A61P31/00 ,  A61P31/14 ,  A61P31/12 ,  A61P31/20 ,  A61P31/22 ,  A61P31/16 ,  A61P31/18 ,  A61P31/04 ,  A61P31/10 ,  A61K31/496

CPC分类号： A61K31/4355 ,  A61K31/4741 ,  A61K31/495 ,  A61K31/505 ,  A61K31/5375 ,  A61K45/06 ,  Y02A50/401 ,  Y02A50/402 ,  Y02A50/47 ,  Y02A50/473 ,  Y02A50/475 ,  Y02A50/481 ,  A61K2300/00

摘要： Compositions and methods for treating or preventing infectious diseases, and inhibiting the ability of microbes to travel within mammalian cells, and inhibiting microbial replication, are disclosed. The compositions include various noscapine analogs, which are capable of blocking the movement of viruses and other microbes within mammalian and other cells by inhibiting the cytoplasmic transport mechanisms within the cells. The compositions described herein include an effective amount of the noscapine analogues described herein, along with a pharmaceutically acceptable carrier or excipient. The compositions can also include one or more additional antimicrobial compounds.

摘要翻译： 公开了用于治疗或预防感染性疾病和抑制微生物在哺乳动物细胞内行进的能力以及抑制微生物复制的组合物和方法。 组合物包括各种诺斯卡品类似物，其能够通过抑制细胞内的细胞质运输机制来阻断哺乳动物和其它细胞内的病毒和其它微生物的运动。 本文描述的组合物包括有效量的本文所述的诺斯卡品类似物以及药学上可接受的载体或赋形剂。 组合物还可以包括一种或多种另外的抗微生物化合物。