-
公开(公告)号:US08387017B2
公开(公告)日:2013-02-26
申请号:US12553417
申请日:2009-09-03
申请人: Rob Calendino , Craig Robert Earl Conboy , Guy Podjarny , Ory Segal , Adi Sharabani , Omer Tripp , Omri Weisman
发明人: Rob Calendino , Craig Robert Earl Conboy , Guy Podjarny , Ory Segal , Adi Sharabani , Omer Tripp , Omri Weisman
CPC分类号: G06F11/3672
摘要: Testing a computer software application by identifying a sink in the computer software application, identifying a source associated with the sink in the application, identifying an entry point associated with the source in the application, where the source is configured to receive input provided externally to the application via the entry point, determining a sink type represented by the sink, and providing to a testing application information identifying the entry point and in association with the sink type.
摘要翻译: 通过识别计算机软件应用程序中的接收器来测试计算机软件应用程序,识别与应用程序中的接收器相关联的源,识别与应用程序中的源相关联的入口点,其中源被配置为接收从外部提供的输入 通过入口点应用,确定由汇点表示的汇点类型,以及向测试应用程序提供标识入口点并与汇点类型相关联的信息。
-
公开(公告)号:US20110055813A1
公开(公告)日:2011-03-03
申请号:US12553417
申请日:2009-09-03
申请人: Rob Calendino , Craig Robert Earl Conboy , Guy Podjarny , Ory Segal , Adi Sharabani , Omer Tripp , Omri Weisman
发明人: Rob Calendino , Craig Robert Earl Conboy , Guy Podjarny , Ory Segal , Adi Sharabani , Omer Tripp , Omri Weisman
IPC分类号: G06F9/44
CPC分类号: G06F11/3672
摘要: Testing a computer software application by identifying a sink in the computer software application, identifying a source associated with the sink in the application, identifying an entry point associated with the source in the application, where the source is configured to receive input provided externally to the application via the entry point, determining a sink type represented by the sink, and providing to a testing application information identifying the entry point and in association with the sink type.
摘要翻译: 通过识别计算机软件应用程序中的接收器来测试计算机软件应用程序,识别与应用程序中的接收器相关联的源,识别与应用程序中的源相关联的入口点,其中源被配置为接收从外部提供的输入 通过入口点应用,确定由汇点表示的汇点类型,以及向测试应用程序提供标识入口点并与汇点类型相关联的信息。
-
3.发明授权公开(公告)号:US08528095B2
公开(公告)日:2013-09-03
申请号:US12825293
申请日:2010-06-28
申请人: Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Takaaki Tateishi , Omer Tripp , Omri Weisman
发明人: Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Takaaki Tateishi , Omer Tripp , Omri Weisman
IPC分类号: G06F11/00 , H04L9/32 , G06F15/173 , G06F9/44
CPC分类号: G06F11/3604 , G06F8/75 , G06F21/577
摘要: Embodiments of the invention generally relate to injection context based static analysis of computer software applications. Embodiments of the invention may include selecting a sink within a computer software application, tracing a character output stream leading to the sink within the computer software application, determining an injection context of the character output stream at the sink, where the injection context is predefined in association with a state of the character output stream at the sink, identifying any actions that have been predefined in association with the identified injection context, and providing a report of the actions.
摘要翻译: 本发明的实施例一般涉及计算机软件应用的基于注入上下文的静态分析。 本发明的实施例可以包括选择计算机软件应用程序内的汇点,跟踪通向计算机软件应用程序内的汇点的字符输出流,确定汇点处的字符输出流的注入上下文,其中注入上下文在 与汇点处的字符输出流的状态相关联,识别已经与所识别的注入上下文相关联地预定义的任何动作,以及提供动作的报告。
-
公开(公告)号:US09720798B2
公开(公告)日:2017-08-01
申请号:US13493067
申请日:2012-06-11
申请人: Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
发明人: Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
CPC分类号: G06F11/3604 , G06F9/44589 , G06F9/455 , G06F11/36 , G06F11/362 , G06F21/577 , G06F2221/033
摘要: Systems, methods are program products for simulating black box test results using information obtained from white box testing, including analyzing computer software (e.g., an application) to identify a potential vulnerability within the computer software application and a plurality of milestones associated with the potential vulnerability, where each of the milestones indicates a location within the computer software application, tracing a path from a first one of the milestones to an entry point into the computer software application, identifying an input to the entry point that would result in a control flow from the entry point and through each of the milestones, describing the potential vulnerability in a description indicating the entry point and the input, and presenting the description via a computer-controlled output medium.
-
5.发明申请公开(公告)号:US20120254839A1
公开(公告)日:2012-10-04
申请号:US13493067
申请日:2012-06-11
申请人: Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
发明人: Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
IPC分类号: G06F9/44
CPC分类号: G06F11/3604 , G06F9/44589 , G06F9/455 , G06F11/36 , G06F11/362 , G06F21/577 , G06F2221/033
摘要: Systems, methods are program products for simulating black box test results using information obtained from white box testing, including analyzing computer software (e.g., an application) to identify a potential vulnerability within the computer software application and a plurality of milestones associated with the potential vulnerability, where each of the milestones indicates a location within the computer software application, tracing a path from a first one of the milestones to an entry point into the computer software application, identifying an input to the entry point that would result in a control flow from the entry point and through each of the milestones, describing the potential vulnerability in a description indicating the entry point and the input, and presenting the description via a computer-controlled output medium.
摘要翻译: 系统,方法是使用从白盒测试获得的信息来模拟黑盒测试结果的程序产品,包括分析计算机软件(例如应用程序)以识别计算机软件应用程序中的潜在漏洞以及与潜在漏洞相关联的多个里程碑 ,其中每个里程碑指示计算机软件应用程序内的位置,跟踪从第一个里程碑到入口点的路径到计算机软件应用程序中,识别入口点的输入将导致控制流从 描述在描述入口点和输入的描述中的潜在漏洞,以及经由计算机控制的输出介质呈现描述的入口点和通过每个里程碑。
-
公开(公告)号:US20120215757A1
公开(公告)日:2012-08-23
申请号:US13032638
申请日:2011-02-22
申请人: Omri Weisman , Yinnon Avraham Haviv , Adi Sharabani , Omer Tripp , Marco Pistoia , Takaaki Tateishi , Guy Podjarny
发明人: Omri Weisman , Yinnon Avraham Haviv , Adi Sharabani , Omer Tripp , Marco Pistoia , Takaaki Tateishi , Guy Podjarny
IPC分类号: G06F17/30
CPC分类号: G06F16/951
摘要: A crawler including a document retriever configured to retrieve a first computer-based document, a link identifier configured to identify an actual string within the computer-based document as being a hyperlink-type string, and a static analyzer configured to perform static analysis of an operation on a variable within the first computer-based document to identify a possible string value of the variable as being a hyperlink-type string, where any of the strings indicate a location of at least a second computer-based document.
摘要翻译: 包括被配置为检索第一基于计算机的文档的文档检索器的爬行器,被配置为将所述基于计算机的文档内的实际字符串标识为超链接字符串的链接标识符和被配置为执行静态分析的静态分析器 操作第一基于计算机的文档中的变量,以将变量的可能字符串值标识为超链接类型的字符串,其中任何字符串指示至少第二基于计算机的文档的位置。
-
公开(公告)号:US09747187B2
公开(公告)日:2017-08-29
申请号:US12913314
申请日:2010-10-27
申请人: Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
发明人: Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
CPC分类号: G06F11/3604 , G06F9/44589 , G06F9/455 , G06F11/36 , G06F11/362 , G06F21/577 , G06F2221/033
摘要: Systems, methods are program products for simulating black box test results using information obtained from white box testing, including analyzing computer software (e.g., an application) to identify a potential vulnerability within the computer software application and a plurality of milestones associated with the potential vulnerability, where each of the milestones indicates a location within the computer software application, tracing a path from a first one of the milestones to an entry point into the computer software application, identifying an input to the entry point that would result in a control flow from the entry point and through each of the milestones, describing the potential vulnerability in a description indicating the entry point and the input, and presenting the description via a computer-controlled output medium.
-
公开(公告)号:US20120110551A1
公开(公告)日:2012-05-03
申请号:US12913314
申请日:2010-10-27
申请人: Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
发明人: Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
IPC分类号: G06F11/36
CPC分类号: G06F11/3604 , G06F9/44589 , G06F9/455 , G06F11/36 , G06F11/362 , G06F21/577 , G06F2221/033
摘要: Systems, methods are program products for simulating black box test results using information obtained from white box testing, including analyzing computer software (e.g., an application) to identify a potential vulnerability within the computer software application and a plurality of milestones associated with the potential vulnerability, where each of the milestones indicates a location within the computer software application, tracing a path from a first one of the milestones to an entry point into the computer software application, identifying an input to the entry point that would result in a control flow from the entry point and through each of the milestones, describing the potential vulnerability in a description indicating the entry point and the input, and presenting the description via a computer-controlled output medium.
-
9.发明授权System and method for static detection and categorization of information-flow downgraders 有权信息流降级的静态检测和分类的系统和方法公开(公告)号:US09275246B2
公开(公告)日:2016-03-01
申请号:US12575647
申请日:2009-10-08
申请人: Yinnon Haviv , Roee Hay , Marco Pistoia , Guy Podjarny , Adi Sharabani , Takaaki Tateishi , Omer Tripp , Omri Weisman
发明人: Yinnon Haviv , Roee Hay , Marco Pistoia , Guy Podjarny , Adi Sharabani , Takaaki Tateishi , Omer Tripp , Omri Weisman
CPC分类号: H04L63/1416 , G06F8/49 , G06F11/3608 , G06F21/6218
摘要: A system and method for static detection and categorization of information-flow downgraders includes transforming a program stored in a memory device by statically analyzing program variables to yield a single assignment to each variable in an instruction set. The instruction set is translated to production rules with string operations. A context-free grammar is generated from the production rules to identify a finite set of strings. An information-flow downgrader function is identified by checking the finite set of strings against one or more function specifications.
摘要翻译: 用于信息流降级器的静态检测和分类的系统和方法包括通过静态分析程序变量来变换存储在存储器件中的程序,以产生对指令集中的每个变量的单个赋值。 指令集被转换为具有字符串操作的生产规则。 从生产规则生成上下文无关的语法,以识别有限的字符串集。 通过根据一个或多个功能规范检查有限的字符串来识别信息流降级功能。
-
10.发明申请SYSTEM AND METHOD FOR STATIC DETECTION AND CATEGORIZATION OF INFORMATION-FLOW DOWNGRADERS 有权用于静态检测和分类信息流下载器的系统和方法公开(公告)号:US20110088023A1
公开(公告)日:2011-04-14
申请号:US12575647
申请日:2009-10-08
申请人: YINNON HAVIV , Roee Hay , Marco Pistoia , Guy Podjarny , Adi Sharabani , Takaaki Tateishi , Omer Tripp , Omri Weisman
发明人: YINNON HAVIV , Roee Hay , Marco Pistoia , Guy Podjarny , Adi Sharabani , Takaaki Tateishi , Omer Tripp , Omri Weisman
IPC分类号: G06F9/45
CPC分类号: H04L63/1416 , G06F8/49 , G06F11/3608 , G06F21/6218
摘要: A system and method for static detection and categorization of information-flow downgraders includes transforming a program stored in a memory device by statically analyzing program variables to yield a single assignment to each variable in an instruction set. The instruction set is translated to production rules with string operations. A context-free grammar is generated from the production rules to identify a finite set of strings. An information-flow downgrader function is identified by checking the finite set of strings against one or more function specifications.
摘要翻译: 用于信息流降级器的静态检测和分类的系统和方法包括通过静态分析程序变量来变换存储在存储器件中的程序,以产生对指令集中的每个变量的单个赋值。 指令集被转换为具有字符串操作的生产规则。 从生产规则生成上下文无关的语法,以识别有限的字符串集。 通过根据一个或多个功能规范检查有限的字符串来识别信息流降级功能。
-
-
-
-
-
-
-
-
-
搜索结果
43 条记录 (耗时 0.027 秒)
