公开(公告)号：US20130007887A1

公开(公告)日：2013-01-03

申请号：US13430013

申请日：2012-03-26

申请人： YINNON A. HAVIV ,  DANIEL KALMAN ,  DMITRI PIKUS ,  OMER TRIPP ,  OMRI WEISMAN

发明人： YINNON A. HAVIV ,  DANIEL KALMAN ,  DMITRI PIKUS ,  OMER TRIPP ,  OMRI WEISMAN

IPC分类号： G06F21/00 ,  G06F15/16

CPC分类号： G06F21/577 ,  H04L63/1433 ,  H04L63/1441

摘要： Detecting security vulnerabilities in web applications by interacting with a web application at a computer server during its execution at the computer server, identifying client-side instructions provided by the web application responsive to an interaction with the web application, where the client-side instructions are configured to be implemented by a client computer that receives the client-side instructions from the computer server, evaluating the identified client-side instructions, and identifying a security vulnerability associated with the client-side instructions.

公开(公告)号：US20130007885A1

公开(公告)日：2013-01-03

申请号：US13170839

申请日：2011-06-28

申请人： YINNON A. HAVIV ,  DANIEL KALMAN ,  DMITRI PIKUS ,  OMER TRIPP ,  OMRI WEISMAN

发明人： YINNON A. HAVIV ,  DANIEL KALMAN ,  DMITRI PIKUS ,  OMER TRIPP ,  OMRI WEISMAN

IPC分类号： G06F21/00

CPC分类号： G06F21/577 ,  H04L63/1433 ,  H04L63/1441

摘要： Detecting security vulnerabilities in web applications by interacting with a web application at a computer server during its execution at the computer server, identifying client-side instructions provided by the web application responsive to an interaction with the web application, where the client-side instructions are configured to be implemented by a client computer that receives the client-side instructions from the computer server, evaluating the identified client-side instructions, and identifying a security vulnerability associated with the client-side instructions.

摘要翻译： 通过在计算机服务器执行期间与计算机服务器上的Web应用程序交互来检测Web应用程序中的安全漏洞，识别由Web应用程序提供的客户端指令，响应于与Web应用程序的交互，其中客户端指令是 被配置为由从计算机服务器接收客户端指令的客户端计算机实现，评估所识别的客户端指令，以及识别与客户端指令相关联的安全漏洞。

公开(公告)号：US20130081002A1

公开(公告)日：2013-03-28

申请号：US13246260

申请日：2011-09-27

申请人： DANIEL KALMAN ,  DMITRI PIKUS ,  OMER TRIPP ,  OMRI WEISMAN

发明人： DANIEL KALMAN ,  DMITRI PIKUS ,  OMER TRIPP ,  OMRI WEISMAN

IPC分类号： G06F9/44

CPC分类号： G06F21/52 ,  G06F8/51 ,  G06F8/75 ,  G06F11/3604

摘要： Performing data flow analysis of a computer software application, including, for a data flow analysis type, identifying within a computer software application code base a plurality of seeds relating to the data flow analysis type, for each of the plurality of seeds, defining a portion of the computer software application code base to a predefined depth of calls backward from the seed and to a predefined depth of calls forward from the seed, thereby resulting in a plurality of bounded portions of the computer software application code base, detecting a change in the computer software application code base, and performing, on any of the bounded portions affected by the change, a data flow analysis relating to the data flow analysis type.