SOFTWARE VERSION FINGERPRINT GENERATION AND IDENTIFICATION

    Publication No.: US20190272170A1

    Publication date: 2019-09-05

    Application No.: US16415192

    Application date: 2019-05-17

    Applicant: SAP SE

    Abstract: Systems and methods are provided for accessing a source code repository comprising a plurality of versions of code, analyzing the plurality of versions of code of the component to compute metrics to identify each version of code, analyzing the metrics to determine a subset of the metrics to use as a fingerprint definition to identify each version of the code, generating a fingerprint for each version of code using the fingerprint definition, generating a fingerprint matrix with the fingerprint for each version of code for the software component and storing the fingerprint definition and the fingerprint matrix.

    ASSESSING VULNERABILITY IMPACT USING CALL GRAPHS

    Publication No.: US20170255544A1

    Publication date: 2017-09-07

    Application No.: US15057812

    Application date: 2016-03-01

    Applicant: SAP SE

    CPC classification number: G06F11/3636 G06F11/3624 G06F21/577

    Abstract: Implementations are directed to enhancing assessment of one or more known vulnerabilities inside one or more third-party libraries used within an application program that interacts with the one or more third-party libraries. In some examples, actions include receiving a complete call graph that is provided by static source code analysis (SSCA) of the application program and any third-party libraries used by the application, receiving one or more stack traces that are provided based on dynamic source code analysis (DSCA) during execution of the application program, processing the complete call graph, the one or more stack traces, and vulnerable function data to provide one or more combined call graphs, the vulnerable function data identifying one or more vulnerable functions included in the one or more third-party libraries, each combined call graph being specific to a respective vulnerable function, and providing a graphical representation of each combined call graph.

    SOFTWARE VERSION FINGERPRINT GENERATION AND IDENTIFICATION

    Publication No.: US20180157486A1

    Publication date: 2018-06-07

    Application No.: US15371678

    Application date: 2016-12-07

    Applicant: SAP SE

    CPC classification number: G06F8/71 G06F8/36 G06F8/77

    Abstract: Systems and methods are provided for accessing a source code repository comprising a plurality of versions of code, analyzing the plurality of versions of code of the component to compute metrics to identify each version of code, analyzing the metrics to determine a subset of the metrics to use as a fingerprint definition to identify each version of the code, generating a fingerprint for each version of code using the fingerprint definition, generating a fingerprint matrix with the fingerprint for each version of code for the software component and storing the fingerprint definition and the fingerprint matrix.

    Prioritization of software patches

    Publication No.: US09959111B2

    Publication date: 2018-05-01

    Application No.: US15206323

    Application date: 2016-07-11

    Applicant: SAP SE

    CPC classification number: G06F8/65 G06F8/658 G06F8/71

    Abstract: Various embodiments of systems, computer program products, and methods for prioritizing software patches are described herein. In an aspect, the software patches are retrieved by querying software repositories. Further, code changes associated with the software patches are determined. One or more instances of bug fix patterns are identified in determined code changes. The software patches are classified based on the identified bug fix patterns. Priorities of the software patches corresponding to the identified instances of the bug fix patterns are determined based on the classification and a pre-defined policy. Upon determining priorities, the software patches are installed based on the priorities.

    PRIORITIZATION OF SOFTWARE PATCHES

    Publication No.: US20180011700A1

    Publication date: 2018-01-11

    Application No.: US15206323

    Application date: 2016-07-11

    Applicant: SAP SE

    CPC classification number: G06F8/65 G06F8/658 G06F8/71

    Abstract: Various embodiments of systems, computer program products, and methods for prioritizing software patches are described herein. In an aspect, the software patches are retrieved by querying software repositories. Further, code changes associated with the software patches are determined. One or more instances of bug fix patterns are identified in determined code changes. The software patches are classified based on the identified bug fix patterns. Priorities of the software patches corresponding to the identified instances of the bug fix patterns are determined based on the classification and a pre-defined policy. Upon determining priorities, the software patches are installed based on the priorities.

    Software version fingerprint generation and identification

    Publication No.: US10474456B2

    Publication date: 2019-11-12

    Application No.: US16415192

    Application date: 2019-05-17

    Applicant: SAP SE

    Abstract: Systems and methods are provided for accessing a source code repository comprising a plurality of versions of code, analyzing the plurality of versions of code of the component to compute metrics to identify each version of code, analyzing the metrics to determine a subset of the metrics to use as a fingerprint definition to identify each version of the code, generating a fingerprint for each version of code using the fingerprint definition, generating a fingerprint matrix with the fingerprint for each version of code for the software component and storing the fingerprint definition and the fingerprint matrix.

    Software version fingerprint generation and identification

    Publication No.: US10338916B2

    Publication date: 2019-07-02

    Application No.: US15371678

    Application date: 2016-12-07

    Applicant: SAP SE

    Abstract: Systems and methods are provided for accessing a source code repository comprising a plurality of versions of code, analyzing the plurality of versions of code of the component to compute metrics to identify each version of code, analyzing the metrics to determine a subset of the metrics to use as a fingerprint definition to identify each version of the code, generating a fingerprint for each version of code using the fingerprint definition, generating a fingerprint matrix with the fingerprint for each version of code for the software component and storing the fingerprint definition and the fingerprint matrix.

    Security-relevant code detection system

    Publication No.: US10831899B2

    Publication date: 2020-11-10

    Application No.: US15978691

    Application date: 2018-05-14

    Applicant: SAP SE

    Abstract: Systems and methods are provided for retrieving a set of code changes to source code from a source code repository, analyzing the set of code changes to generate a vector representation of each code change of the set of code changes, analyzing the vector representation of each code change of the set of code changes using a trained security-relevant code detection machine learning model, receiving a prediction from the security-relevant code detection machine learning model representing a probability that each code change of the set of code changes contains security-relevant changes, analyzing the prediction to determine whether the prediction is below or above a predetermined threshold, and generating results based on determining whether the prediction is below or above a predetermined threshold.

    Vulnerability Context Graph
    Patent application

    Publication No.: US20200175174A1

    Publication date: 2020-06-04

    Application No.: US16209826

    Application date: 2018-12-04

    Applicant: SAP SE

    Abstract: Data is received that characterizes source code requiring a security vulnerability assessment. Using this received data, an input node of a vulnerability context graph is generated. Subsequently, at least one node is resolved from the input node using at least one of a plurality of resolvers that collectively access each of a knowledge base, a source code commit database, and at least one online resource. Additional nodes are later iteratively resolved at different depth levels until a pre-defined threshold is met. The vulnerability context graph is then caused to be displayed in a graphical user interface such that each node has a corresponding graphical user interface element which, when activated, causes complementary information for such node to be displayed.
