-
公开(公告)号:US08296722B2
公开(公告)日:2012-10-23
申请号:US12246065
申请日:2008-10-06
申请人: Sachiko Yoshihama , Shinya Kawanaka , Takaaki Tateishi , Ory Segal , Adi Sharabani , Marco Pistoia , Guy Podjarny
发明人: Sachiko Yoshihama , Shinya Kawanaka , Takaaki Tateishi , Ory Segal , Adi Sharabani , Marco Pistoia , Guy Podjarny
IPC分类号: G06F9/44
CPC分类号: G06F8/10
摘要: A transformation tree for an object model (OM) is defined. The transformation tree has nodes interconnected by edges, where each node is connected to at most one other tree node. Each node corresponds to a state of the OM; each edge corresponds to an event causing the OM to transition from the state of one node to the state of another node. A transformation graph for the OM is constructed by simulating the transformation tree. The transformation graph has nodes interconnected by edges, and is a directed graph in which each node is connected to one or more other nodes. Each node corresponds to a state of the OM; each edge corresponds to an event causing the OM to transition from the state of one node to the state of another node. Crawling-oriented actions are performed in relation to the OM by being performed in relation to the transformation graph.
摘要翻译: 定义了对象模型(OM)的转换树。 转换树具有通过边缘互连的节点,其中每个节点连接到最多一个其他树节点。 每个节点都对应于OM的状态; 每个边缘对应于导致OM从一个节点的状态转变到另一个节点的状态的事件。 通过模拟转换树构建OM的变换图。 转换图具有通过边缘互连的节点,并且是有向图,其中每个节点连接到一个或多个其他节点。 每个节点对应于OM的状态; 每个边缘对应于导致OM从一个节点的状态转变到另一个节点的状态的事件。 通过相对于变换图执行针对OM执行针对爬行的动作。
-
公开(公告)号:US20100088668A1
公开(公告)日:2010-04-08
申请号:US12246065
申请日:2008-10-06
申请人: Sachiko Yoshihama , Shinya Kawanaka , Takaaki Tateishi , Ory Segal , Adi Sharabani , Marco Pistoia , Guy Podjarny
发明人: Sachiko Yoshihama , Shinya Kawanaka , Takaaki Tateishi , Ory Segal , Adi Sharabani , Marco Pistoia , Guy Podjarny
IPC分类号: G06F9/44
CPC分类号: G06F8/10
摘要: A transformation tree for an object model (OM) is defined. The transformation tree has nodes interconnected by edges, where each node is connected to at most one other tree node. Each node corresponds to a state of the OM; each edge corresponds to an event causing the OM to transition from the state of one node to the state of another node. A transformation graph for the OM is constructed by simulating the transformation tree. The transformation graph has nodes interconnected by edges, and is a directed graph in which each node is connected to one or more other nodes. Each node corresponds to a state of the OM; each edge corresponds to an event causing the OM to transition from the state of one node to the state of another node. Crawling-oriented actions are performed in relation to the OM by being performed in relation to the transformation graph.
摘要翻译: 定义了对象模型(OM)的转换树。 转换树具有通过边缘互连的节点,其中每个节点连接到最多一个其他树节点。 每个节点对应于OM的状态; 每个边缘对应于导致OM从一个节点的状态转变到另一个节点的状态的事件。 通过模拟转换树构建OM的变换图。 转换图具有通过边缘互连的节点,并且是有向图,其中每个节点连接到一个或多个其他节点。 每个节点对应于OM的状态; 每个边缘对应于导致OM从一个节点的状态转变到另一个节点的状态的事件。 通过相对于变换图执行针对OM执行针对爬行的动作。
-
3.发明授权公开(公告)号:US08528095B2
公开(公告)日:2013-09-03
申请号:US12825293
申请日:2010-06-28
申请人: Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Takaaki Tateishi , Omer Tripp , Omri Weisman
发明人: Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Takaaki Tateishi , Omer Tripp , Omri Weisman
IPC分类号: G06F11/00 , H04L9/32 , G06F15/173 , G06F9/44
CPC分类号: G06F11/3604 , G06F8/75 , G06F21/577
摘要: Embodiments of the invention generally relate to injection context based static analysis of computer software applications. Embodiments of the invention may include selecting a sink within a computer software application, tracing a character output stream leading to the sink within the computer software application, determining an injection context of the character output stream at the sink, where the injection context is predefined in association with a state of the character output stream at the sink, identifying any actions that have been predefined in association with the identified injection context, and providing a report of the actions.
摘要翻译: 本发明的实施例一般涉及计算机软件应用的基于注入上下文的静态分析。 本发明的实施例可以包括选择计算机软件应用程序内的汇点,跟踪通向计算机软件应用程序内的汇点的字符输出流,确定汇点处的字符输出流的注入上下文,其中注入上下文在 与汇点处的字符输出流的状态相关联,识别已经与所识别的注入上下文相关联地预定义的任何动作,以及提供动作的报告。
-
公开(公告)号:US08387017B2
公开(公告)日:2013-02-26
申请号:US12553417
申请日:2009-09-03
申请人: Rob Calendino , Craig Robert Earl Conboy , Guy Podjarny , Ory Segal , Adi Sharabani , Omer Tripp , Omri Weisman
发明人: Rob Calendino , Craig Robert Earl Conboy , Guy Podjarny , Ory Segal , Adi Sharabani , Omer Tripp , Omri Weisman
CPC分类号: G06F11/3672
摘要: Testing a computer software application by identifying a sink in the computer software application, identifying a source associated with the sink in the application, identifying an entry point associated with the source in the application, where the source is configured to receive input provided externally to the application via the entry point, determining a sink type represented by the sink, and providing to a testing application information identifying the entry point and in association with the sink type.
摘要翻译: 通过识别计算机软件应用程序中的接收器来测试计算机软件应用程序,识别与应用程序中的接收器相关联的源,识别与应用程序中的源相关联的入口点,其中源被配置为接收从外部提供的输入 通过入口点应用,确定由汇点表示的汇点类型,以及向测试应用程序提供标识入口点并与汇点类型相关联的信息。
-
公开(公告)号:US20110055813A1
公开(公告)日:2011-03-03
申请号:US12553417
申请日:2009-09-03
申请人: Rob Calendino , Craig Robert Earl Conboy , Guy Podjarny , Ory Segal , Adi Sharabani , Omer Tripp , Omri Weisman
发明人: Rob Calendino , Craig Robert Earl Conboy , Guy Podjarny , Ory Segal , Adi Sharabani , Omer Tripp , Omri Weisman
IPC分类号: G06F9/44
CPC分类号: G06F11/3672
摘要: Testing a computer software application by identifying a sink in the computer software application, identifying a source associated with the sink in the application, identifying an entry point associated with the source in the application, where the source is configured to receive input provided externally to the application via the entry point, determining a sink type represented by the sink, and providing to a testing application information identifying the entry point and in association with the sink type.
摘要翻译: 通过识别计算机软件应用程序中的接收器来测试计算机软件应用程序,识别与应用程序中的接收器相关联的源,识别与应用程序中的源相关联的入口点,其中源被配置为接收从外部提供的输入 通过入口点应用,确定由汇点表示的汇点类型,以及向测试应用程序提供标识入口点并与汇点类型相关联的信息。
-
公开(公告)号:US20090320043A1
公开(公告)日:2009-12-24
申请号:US12145200
申请日:2008-06-24
申请人: Guy Podjarny , Ariel Sakin , Ory Segal , Shlomi Shamir , Adi Sharabani
发明人: Guy Podjarny , Ariel Sakin , Ory Segal , Shlomi Shamir , Adi Sharabani
IPC分类号: G06F9/54
CPC分类号: G06F11/3688
摘要: A method for controlling a computer-implemented application, the method including determining a current state of a computer-implemented application, inducing the application into a predefined state associated with a target action of the application if the current state does not match the predefined state in accordance with predefined match criteria, and causing the target action to be performed.
摘要翻译: 一种用于控制计算机实现的应用的方法,所述方法包括确定计算机实现的应用的当前状态,如果当前状态与所述应用的目标动作不匹配,则将所述应用引导到与所述应用的目标动作相关联的预定状态 根据预定义的匹配标准,并且使得执行目标动作。
-
公开(公告)号:US09720798B2
公开(公告)日:2017-08-01
申请号:US13493067
申请日:2012-06-11
申请人: Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
发明人: Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
CPC分类号: G06F11/3604 , G06F9/44589 , G06F9/455 , G06F11/36 , G06F11/362 , G06F21/577 , G06F2221/033
摘要: Systems, methods are program products for simulating black box test results using information obtained from white box testing, including analyzing computer software (e.g., an application) to identify a potential vulnerability within the computer software application and a plurality of milestones associated with the potential vulnerability, where each of the milestones indicates a location within the computer software application, tracing a path from a first one of the milestones to an entry point into the computer software application, identifying an input to the entry point that would result in a control flow from the entry point and through each of the milestones, describing the potential vulnerability in a description indicating the entry point and the input, and presenting the description via a computer-controlled output medium.
-
公开(公告)号:US09396099B2
公开(公告)日:2016-07-19
申请号:US12145200
申请日:2008-06-24
申请人: Guy Podjarny , Ariel Sakin , Ory Segal , Shlomi Shamir , Adi Sharabani
发明人: Guy Podjarny , Ariel Sakin , Ory Segal , Shlomi Shamir , Adi Sharabani
CPC分类号: G06F11/3688
摘要: A method for controlling a computer-implemented application, the method including determining a current state of a computer-implemented application, inducing the application into a predefined state associated with a target action of the application if the current state does not match the predefined state in accordance with predefined match criteria, and causing the target action to be performed.
摘要翻译: 一种用于控制计算机实现的应用的方法,所述方法包括确定计算机实现的应用的当前状态,如果当前状态与所述应用的目标动作不匹配,则将所述应用引导到与所述应用的目标动作相关联的预定状态 根据预定义的匹配标准,并且使得执行目标动作。
-
9.发明申请公开(公告)号:US20120254839A1
公开(公告)日:2012-10-04
申请号:US13493067
申请日:2012-06-11
申请人: Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
发明人: Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
IPC分类号: G06F9/44
CPC分类号: G06F11/3604 , G06F9/44589 , G06F9/455 , G06F11/36 , G06F11/362 , G06F21/577 , G06F2221/033
摘要: Systems, methods are program products for simulating black box test results using information obtained from white box testing, including analyzing computer software (e.g., an application) to identify a potential vulnerability within the computer software application and a plurality of milestones associated with the potential vulnerability, where each of the milestones indicates a location within the computer software application, tracing a path from a first one of the milestones to an entry point into the computer software application, identifying an input to the entry point that would result in a control flow from the entry point and through each of the milestones, describing the potential vulnerability in a description indicating the entry point and the input, and presenting the description via a computer-controlled output medium.
摘要翻译: 系统,方法是使用从白盒测试获得的信息来模拟黑盒测试结果的程序产品,包括分析计算机软件(例如应用程序)以识别计算机软件应用程序中的潜在漏洞以及与潜在漏洞相关联的多个里程碑 ,其中每个里程碑指示计算机软件应用程序内的位置,跟踪从第一个里程碑到入口点的路径到计算机软件应用程序中,识别入口点的输入将导致控制流从 描述在描述入口点和输入的描述中的潜在漏洞,以及经由计算机控制的输出介质呈现描述的入口点和通过每个里程碑。
-
公开(公告)号:US09747187B2
公开(公告)日:2017-08-29
申请号:US12913314
申请日:2010-10-27
申请人: Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
发明人: Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
CPC分类号: G06F11/3604 , G06F9/44589 , G06F9/455 , G06F11/36 , G06F11/362 , G06F21/577 , G06F2221/033
摘要: Systems, methods are program products for simulating black box test results using information obtained from white box testing, including analyzing computer software (e.g., an application) to identify a potential vulnerability within the computer software application and a plurality of milestones associated with the potential vulnerability, where each of the milestones indicates a location within the computer software application, tracing a path from a first one of the milestones to an entry point into the computer software application, identifying an input to the entry point that would result in a control flow from the entry point and through each of the milestones, describing the potential vulnerability in a description indicating the entry point and the input, and presenting the description via a computer-controlled output medium.
-
-
-
-
-
-
-
-
-
搜索结果
16 条记录 (耗时 0.04 秒)
