-
Publication No.: US11170113B2
Publication date: 2021-11-09
Application No.: US16333247
Application date: 2018-01-01
Applicant: CHECKMARX LTD.
Inventors: Maty Siman, Alexander Roichman, Shimon Eshkenazi
Abstract: A method for testing a software application program (22) includes storing in a vulnerability database records of security vulnerabilities identified in execution of the program. Each record includes a location field containing a respective signature indicative of a location in the execution at which a corresponding security vulnerability was detected and a metadata field indicative of a respective control flow path on which the corresponding security vulnerability occurred. Upon detecting a further security vulnerability at a given location in a subsequent execution of the program, a new signature of the given location is computed and compared to the location field of the records in the database. When no record is found to match the new signature, an indication is output to a developer of the program of an occurrence of a new security vulnerability.
-
Publication No.: US20180107821A1
Publication date: 2018-04-19
Application No.: US15535732
Application date: 2015-12-24
Applicant: CHECKMARX LTD.
Inventors: Shimon Eshkenazi, Maty Siman, Alexander Roichman
Abstract: A method for runtime self-protection of an application program includes, before running the application program, identifying input and output points in runtime code (24) of the program. The input points are instrumented so as to cause the program to sense and cache potentially malicious inputs to the program. The output points are instrumented so as to cause the program to detect outputs from the program corresponding to the cached inputs. While running the application program, upon detecting, at an instrumented output point, an output corresponding to a cached input, a vulnerability of a target of the output to the cached input is evaluated. A protective action is invoked upon determining that the output is potentially vulnerable to the cached input.
-
Publication No.: US09141806B2
Publication date: 2015-09-22
Application No.: US13811271
Application date: 2011-08-22
Applicant: Maty Siman
Inventor: Maty Siman
CPC classification: G06F21/577, G06F21/10, G06F21/563, G06F21/60
Abstract: A method for software code analysis includes automatically processing a body of software source code (23) by a computer (22) in order to identify a group of sequences of instructions that are characterized by a common pattern. A sequence within the group containing a deviation from a norm of the common pattern is found and reported as a potential vulnerability in the software source code.
-
Publication No.: US10387656B2
Publication date: 2019-08-20
Application No.: US15453919
Application date: 2017-03-09
Applicant: Checkmarx Ltd.
Inventors: Alexander Roichman, Maty Siman, Shimon Eshkenazi
Abstract: A method for testing a software application program includes recording a sequence of functional tests that are applied to the program and automatically identifying and collapsing sessions within the recorded functional tests. Modified tests are created by replacing parameters in the collapsed sessions with malicious inputs. The modified tests are applied to the program in order to detect security vulnerabilities in the program.
-
Publication No.: US20130167241A1
Publication date: 2013-06-27
Application No.: US13772377
Application date: 2013-02-21
Applicant: Checkmarx Ltd.
Inventor: Maty Siman
IPC classification: G06F21/57
CPC classification: G06F8/433, G06F17/30424, G06F17/30598, G06F17/30958, G06F21/577, G06F2221/033
Abstract: A tool (22) automatically analyzes application source code (16) for application level vulnerabilities. The tool integrates seamlessly into the software development process, so vulnerabilities are found early in the software development life cycle, when removing the defects is far cheaper than in the post-production phase. Operation of the tool is based on static analysis, but makes use of a variety of techniques, for example methods of dealing with obfuscated code.
-
Publication No.: US11836258B2
Publication date: 2023-12-05
Application No.: US17382390
Application date: 2021-07-22
Applicant: Checkmarx Ltd.
Inventors: Maty Siman, Or Chen
CPC classification: G06F21/577, G06F8/75, G06F2221/033
Abstract: A method for software code analysis includes receiving source code of an application program, which includes one or more calls from respective entry points in the source code to a library program. The source code is automatically analyzed in order to generate a first data flow graph (DFG), representing a flow of data to be engendered upon running the application program. One or more vulnerabilities are identified in the library program. The library program is automatically analyzed to generate a second DFG linking at least one of the entry points in the source code to at least one of the vulnerabilities. The first DFG is combined with the second DFG in order to track the flow of data from the application program to the at least one of the vulnerabilities and to report at least one of the vulnerabilities as being exploitable.
-
Publication No.: US20220067173A1
Publication date: 2022-03-03
Application No.: US17402544
Application date: 2021-08-15
Applicant: Checkmarx Ltd.
Inventors: Maty Siman, Alexander Roichman
Abstract: A system includes an output device and a processor. The processor is configured to analyze a software system, which includes an application subsystem and a configuration subsystem, so as to generate an output describing (i) one or more operations performed by the application subsystem, and (ii) one or more configurations for the application subsystem, which are provided by the configuration subsystem. The processor is further configured to identify, based on the output, at least one flaw in the software system that results from a combination of the operations with the configurations, and to output via the output device, in response to identifying the flaw, an indication of the flaw. Other embodiments are also described.
-
Publication No.: US09128728B2
Publication date: 2015-09-08
Application No.: US13772377
Application date: 2013-02-21
Applicant: Checkmarx Ltd.
Inventor: Maty Siman
CPC classification: G06F8/433, G06F17/30424, G06F17/30598, G06F17/30958, G06F21/577, G06F2221/033
Abstract: A tool (22) automatically analyzes application source code (16) for application level vulnerabilities. The tool integrates seamlessly into the software development process, so vulnerabilities are found early in the software development life cycle, when removing the defects is far cheaper than in the post-production phase. Operation of the tool is based on static analysis, but makes use of a variety of techniques, for example methods of dealing with obfuscated code.
-
Publication No.: US20220035928A1
Publication date: 2022-02-03
Application No.: US17382390
Application date: 2021-07-22
Applicant: Checkmarx Ltd.
Inventors: Maty Siman, Or Chen
Abstract: A method for software code analysis includes receiving source code of an application program, which includes one or more calls from respective entry points in the source code to a library program. The source code is automatically analyzed in order to generate a first data flow graph (DFG), representing a flow of data to be engendered upon running the application program. One or more vulnerabilities are identified in the library program. The library program is automatically analyzed to generate a second DFG linking at least one of the entry points in the source code to at least one of the vulnerabilities. The first DFG is combined with the second DFG in order to track the flow of data from the application program to the at least one of the vulnerabilities and to report at least one of the vulnerabilities as being exploitable.
-
Publication No.: US10120997B2
Publication date: 2018-11-06
Application No.: US15535732
Application date: 2015-12-24
Applicant: CHECKMARX LTD.
Inventors: Shimon Eshkenazi, Maty Siman, Alexander Roichman
Abstract: A method for runtime self-protection of an application program includes, before running the application program, identifying input and output points in runtime code (24) of the program. The input points are instrumented so as to cause the program to sense and cache potentially malicious inputs to the program. The output points are instrumented so as to cause the program to detect outputs from the program corresponding to the cached inputs. While running the application program, upon detecting, at an instrumented output point, an output corresponding to a cached input, a vulnerability of a target of the output to the cached input is evaluated. A protective action is invoked upon determining that the output is potentially vulnerable to the cached input.