Patent application number | Description | Published |
--- | --- | --- |
20140195597 | WEB SERVICES - A method, system, and/or computer program product invokes a web service from a software application. The software application comprises a machine-readable description of a functionality to be supported by the web service to be invoked, and a machine-readable description of an execution instruction for that web service. One or more processors identify a web service that supports the described functionality and the execution instruction, and invoke it. | 07-10-2014 |
20140201842 | IDENTIFYING STORED SECURITY VULNERABILITIES IN COMPUTER SOFTWARE APPLICATIONS - Identifying stored security vulnerabilities in computer software applications by providing via a first interface of a computer software application during execution of the computer software application, test data having a characteristic of a malicious payload, where an interaction performed with the first interface resulted in data being written to a location within a persistent data store, and where an interaction performed with a second interface of the computer software application resulted in data being read from the location within the persistent data store, and identifying a stored security vulnerability associated with the computer software application if the test data are written to the persistent data store at the location. | 07-17-2014 |
20140215431 | STATIC ANALYSIS OF COMPUTER SOFTWARE APPLICATIONS HAVING A MODEL-VIEW-CONTROLLER ARCHITECTURE - Preparing a computer software application for static analysis by identifying a control flow within a model portion of a computer software application having a model-view-controller architecture, where the control flow passes a value to a controller portion of the computer software application, analyzing a declarative specification of the controller portion of the computer software application to identify a view to which the controller portion passes control based on the value, and synthesizing a method within the computer software application, where the method calls the view. | 07-31-2014 |
20140298474 | AUTOMATIC SYNTHESIS OF UNIT TESTS FOR SECURITY TESTING - Performing security analysis on a computer program under test (CPUT). The CPUT can be analyzed to identify data pertinent to potential security vulnerabilities of the CPUT. At least a first unit test configured to test a particular unit of program code within the CPUT can be automatically synthesized. The first unit test can be configured to initialize at least one parameter used by the particular unit of program code within the CPUT, and can be provided at least a first test payload configured to exploit at least one potential security vulnerability of the CPUT. The first unit test can be dynamically processed to communicate the first test payload to the particular unit of program code within the CPUT. Whether the first test payload exploits an actual security vulnerability of the CPUT can be determined, and a security analysis report can be output. | 10-02-2014 |
20140359161 | COMPARISON BETWEEN DIFFERENT DESCRIPTIONS OF A WEB SERVICE - In one embodiment, a computer-implemented method for comparing first and second descriptions of a web service includes computing a distance between each type used as a parameter in the first description and each type used as a parameter in the second description. A distance is then calculated between the methods in each of two or more pairs of methods, where each pair consists of a method from the first description and a method from the second description; the calculation compares the parameters of the two methods using the computed distances between their types. To the calculated distance between each pair of methods is added the distance between the names of the compared methods and the distance between their return types. For each method in the first description, the method in the second description with the lowest calculated distance is output. | 12-04-2014 |
20140366146 | INTERACTIVE ANALYSIS OF A SECURITY SPECIFICATION - Analyzing a security specification. An embodiment can include identifying a downgrader in a computer program under test. Testing on the downgrader can be performed in a first level of analysis. Responsive to the downgrader not passing the testing performed in the first level of analysis, a counter example for the downgrader can be automatically synthesized. Further, a test unit can be created for the downgrader using the counter example as an input parameter to the downgrader. The test unit can be executed to perform testing on the downgrader in a second level of analysis. Responsive to the downgrader passing the testing performed in the second level of analysis, a user can be prompted to simplify a model of the downgrader. | 12-11-2014 |
20140372848 | Optimizing Automated Interactions with Web Applications - Optimizing automated interactions with web pages by identifying, for each of multiple web pages, path information including an incoming hyperlink path having at least one hyperlink, where the incoming hyperlink path leads to the web page, and/or an outgoing hyperlink path having at least one hyperlink, where the outgoing hyperlink path emanates from the web page, determining whether the path information of each of the web pages meets a similarity condition, excluding from an interaction set of the web pages any of the web pages whose path information meets the similarity condition, and causing an automated interaction to be performed with any of the web pages in the interaction set. | 12-18-2014 |
20150095304 | CRAWLING COMPUTER-BASED OBJECTS - Crawling computer-based objects is implemented by identifying a dependency between a first portion of a computer-based object set and a second portion of the computer-based object set, where the second portion is data-dependent on the first portion, and responsive to identifying the dependency, effecting a crawling of the first portion and thereafter a crawling of the second portion. | 04-02-2015 |
20150095305 | DETECTING MULTISTEP OPERATIONS WHEN INTERACTING WITH WEB APPLICATIONS - Detecting multistep operations when interacting with web applications is performed by identifying a set of multiple web pages of a web application, where the web pages in the set of multiple web pages are sequentially navigable, identifying a group of multiple web page elements at the same relative location in each of the web pages in the set of multiple web pages, determining that the identified groups of web page elements are similar to each other in accordance with a predefined similarity criterion, identifying an element that is common to each identified group of web page elements, and determining that a characteristic of the element is uniquely varied in each of the identified groups of web page elements. | 04-02-2015 |
20150095721 | DETECTING ERROR STATES WHEN INTERACTING WITH WEB APPLICATIONS - Detecting error states when interacting with web applications is performed by accessing a first web page of a web application, determining that the first web page includes an input validation operation, configuring an input to cause the input validation operation to effect an error state, providing the input to the first web page, thereby effecting the error state, identifying a feature that is absent from the first web page before the input is provided to the first web page and present in the first web page after the input is provided to the first web page, and detecting that a second web page of the web application is in an error state if the feature is present in the second web page. | 04-02-2015 |
20150095886 | PROGRESSIVE BLACK-BOX TESTING OF COMPUTER SOFTWARE APPLICATIONS - Testing computer software applications by performing a first black-box test on a computer software application, identifying any instructions of the computer software application that were reached by a payload of the first black-box test, determining a degree of success of the first black-box test in accordance with predefined success criteria, determining whether any of the instructions that were reached by the payload changed after performing the first black-box test, deciding whether to perform a second black-box test on the computer software application, where the deciding whether to perform the second black-box test is based on whether any of the instructions that were reached by the payload of the first black-box test changed after performing the first black-box test, and the degree of success of the first black-box test. | 04-02-2015 |
20150095888 | PROGRESSIVE BLACK-BOX TESTING OF COMPUTER SOFTWARE APPLICATIONS - Testing computer software applications by performing a first black-box test on a computer software application, identifying any instructions of the computer software application that were reached by a payload of the first black-box test, determining a degree of success of the first black-box test in accordance with predefined success criteria, determining whether any of the instructions that were reached by the payload changed after performing the first black-box test, deciding whether to perform a second black-box test on the computer software application, where the deciding whether to perform the second black-box test is based on whether any of the instructions that were reached by the payload of the first black-box test changed after performing the first black-box test, and the degree of success of the first black-box test. | 04-02-2015 |
20150095891 | ELIMINATING REDUNDANT INTERACTIONS WHEN TESTING COMPUTER SOFTWARE APPLICATIONS - Testing computer software applications includes comparing multiple execution paths associated with multiple interactions performed with a computer software application during execution of the computer software application in order to determine which of the execution paths are similar in accordance with a predefined similarity criterion, identifying a subset of the interactions whose associated execution paths are similar in accordance with the predefined similarity criterion, and performing fewer than all of the interactions in the subset with the computer software application during execution of the computer software application. | 04-02-2015 |
20150095893 | OPTIMIZING TEST DATA PAYLOAD SELECTION FOR TESTING COMPUTER SOFTWARE APPLICATIONS THAT EMPLOY DATA SANITIZERS AND DATA VALIDATORS - Testing computer software applications is implemented by probing a computer software application to determine the presence in the computer software application of any data-checking features, and applying a rule to the data-checking features that are determined to be present in the computer software application, thereby producing a testing set of inputs. The testing set includes any sets of inputs that were used to test sets of data-checking software, where each of the sets of data-checking software includes one or more data sanitizers and/or data validators, and where the rule is configured to produce the testing set to include one or more of the sets of inputs when the rule is applied to any of the data-checking features. The computer software application is tested using the testing set. | 04-02-2015 |
20150095894 | DETECTING RACE CONDITION VULNERABILITIES IN COMPUTER SOFTWARE APPLICATIONS - Testing computer software applications is performed by identifying first and second executable portions of the computer software application, where the portions are configured to access a data resource, and where at least one of the portions is configured to write to the data resource, instrumenting the computer software application by inserting one or more instrumentation instructions into one or both of the portions, where the instrumentation instruction is configured to cause execution of the portion being instrumented to be extended by a randomly-determined amount of time, and testing the computer software application in multiple iterations, where the computer software application is executed in multiple parallel execution threads, where the portions are independently executed at least partially in parallel in different threads, and where the computer software application is differently instrumented in each of the iterations. | 04-02-2015 |
20150096032 | DETECTING VULNERABILITY TO RESOURCE EXHAUSTION - In an aspect of managing resource exhaustion, a method includes receiving program code that generates a random number, where the generation has been identified as vulnerable to resource exhaustion. The method identifies a statement in the program code at which the value of a variable associated with the random-number generation is affected, inserts hooking code at the statement to monitor the variable, and runs the program code in a plurality of iterations while varying the consumption level of the resource across the iterations. The values taken by the variable in the iterations are monitored, a regression analysis is executed on those values, and a root cause of the vulnerability is returned. | 04-02-2015 |
20150096033 | Security Testing Using Semantic Modeling - Optimized testing of vulnerabilities in an application, implemented by a method that includes generating a first probe directed to determining whether the application is vulnerable to a first type of attack; analyzing one or more responses from the application to the first probe; and, in response to determining that the one or more responses validate a first hypothesis about one or more vulnerabilities of the application, generating at least a second probe to further verify the first hypothesis. The second probe focuses on discovering additional details about the application's vulnerability to the first type of attack or to a second type of attack. | 04-02-2015 |
20150096036 | Security Testing Using Semantic Modeling - Optimized testing of vulnerabilities in an application, implemented by a method that includes generating a first probe directed to determining whether the application is vulnerable to a first type of attack; analyzing one or more responses from the application to the first probe; and, in response to determining that the one or more responses validate a first hypothesis about one or more vulnerabilities of the application, generating at least a second probe to further verify the first hypothesis. The second probe focuses on discovering additional details about the application's vulnerability to the first type of attack or to a second type of attack. | 04-02-2015 |
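The stored-vulnerability check described in 20140201842, as an added Python example rather than code from the application or its assignee. The toy application (`ToyApp`, its in-memory store and its four interface methods) is constructed for the demo. The probe injects a uniquely marked XSS-shaped payload through each write interface, records which store locations changed as a result, and then checks every read interface for the payload resurfacing unencoded; the per-write marker ties each finding to the interface that caused it.

```python
"""Second-order (stored) injection check: write a marked payload through one
interface, read back through another, and report where it resurfaces."""
import html
import uuid


class ToyApp:
    """Constructed stand-in for the application under test (not a real product)."""

    def __init__(self):
        self.store = {}  # the persistent data store: location -> value

    # First interface: writes a profile field without any encoding.
    def set_display_name(self, user, name):
        self.store[("profile", user, "name")] = name

    # Another write interface; this one HTML-escapes on the way in.
    def save_comment(self, user, text):
        self.store[("comment", user)] = html.escape(text)

    # Second interface: reads profile names straight into HTML (unencoded).
    def render_admin_page(self):
        cells = [f"<td>{v}</td>" for k, v in self.store.items() if k[0] == "profile"]
        return "<table><tr>" + "".join(cells) + "</tr></table>"

    # Reads comments, which were escaped at write time.
    def render_comments(self):
        items = [f"<li>{v}</li>" for k, v in self.store.items() if k[0] == "comment"]
        return "<ul>" + "".join(items) + "</ul>"


def probe_stored_vulns(app, writers, readers):
    """For each write interface: inject a uniquely marked payload, note which
    store locations changed, then look for the payload unencoded in the output
    of every read interface. Each hit is (write interface, locations, read interface)."""
    findings = []
    for wname, write in writers.items():
        marker = uuid.uuid4().hex[:8]  # unique per write so hits are attributable
        payload = f'<img src=x onerror="probe_{marker}()">'
        snapshot = dict(app.store)
        write(payload)
        # Locations whose value changed are where this interface persisted data.
        locations = [k for k, v in app.store.items() if snapshot.get(k) != v]
        for rname, read in readers.items():
            if payload in read():  # resurfaces byte-for-byte: no sanitizer in between
                findings.append({"write": wname, "locations": locations, "read": rname})
    return findings


def run_demo():
    app = ToyApp()
    writers = {
        "set_display_name": lambda p: app.set_display_name("tester", p),
        "save_comment": lambda p: app.save_comment("tester", p),
    }
    readers = {
        "render_admin_page": app.render_admin_page,
        "render_comments": app.render_comments,
    }
    return probe_stored_vulns(app, writers, readers)


if __name__ == "__main__":
    for f in run_demo():
        print(f"stored vulnerability: {f['write']} -> {f['locations']} -> {f['read']}")
```

Only the display-name path is reported: the comment path also reaches the store, but escaped, so it never appears unencoded on a page. Without a fresh marker per write, the payload left behind by the first interface would be attributed to every later write as well.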
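The description-comparison procedure of 20140359161, as an added Python example (not the patent's or any product's code). The two service descriptions, the type schemas and the primitive families are constructed for the demo. The distance rules are choices made here, not values the abstract specifies: identical types cost 0, primitives of one family 0.25, two complex types one minus the Jaccard overlap of their field names, anything else 1; names are compared by normalized edit distance; parameters are paired order-insensitively with a penalty of 1 per unmatched parameter. The type table is computed once over the parameter types of both descriptions, and each method in the first description is matched to the closest method in the second.

```python
"""Match methods across two descriptions of a web service by type, name and
return-type distance (an added illustration of the procedure, not a WSDL tool)."""
from itertools import permutations

# Constructed primitive families: types in one family are near-equivalent.
PRIMITIVE_FAMILY = {
    "short": "number", "int": "number", "long": "number", "float": "number", "double": "number",
    "string": "text", "str": "text",
    "bool": "truth", "boolean": "truth",
}


def levenshtein(a, b):
    """Classic edit distance, used for method names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def name_distance(a, b):
    return levenshtein(a.lower(), b.lower()) / max(len(a), len(b), 1)


def type_distance(t1, t2, schemas):
    """0 for identical types; 0.25 for primitives of one family; for two complex
    types one minus the Jaccard overlap of their field names; otherwise 1."""
    if t1 == t2:
        return 0.0
    f1, f2 = PRIMITIVE_FAMILY.get(t1), PRIMITIVE_FAMILY.get(t2)
    if f1 and f2:
        return 0.25 if f1 == f2 else 1.0
    if t1 in schemas and t2 in schemas:
        a, b = set(schemas[t1]), set(schemas[t2])
        return (1.0 - len(a & b) / len(a | b)) if (a | b) else 0.0
    return 1.0


def param_distance(p1, p2, table):
    """Cheapest pairing of parameter types (order-insensitive) plus 1 per unmatched parameter."""
    if len(p1) < len(p2):
        p1, p2 = p2, p1
    best = min(sum(table[(x, y)] for x, y in zip(perm, p2)) for perm in permutations(p1, len(p2)))
    return best + (len(p1) - len(p2))


def match_methods(desc1, desc2, schemas):
    """desc: {method name: (list of parameter types, return type)}.
    Returns, for each method in desc1, the desc2 method with the lowest distance."""
    types1 = {t for params, _ in desc1.values() for t in params}
    types2 = {t for params, _ in desc2.values() for t in params}
    # Step 1: pairwise type distances, computed once (over both orderings so the
    # order-insensitive pairing can look pairs up either way round).
    table = {(a, b): type_distance(a, b, schemas) for a in types1 | types2 for b in types1 | types2}
    result = {}
    for n1, (p1, r1) in desc1.items():
        # Step 2: parameter distance, plus name distance and return-type distance.
        scored = [
            (param_distance(p1, p2, table) + name_distance(n1, n2) + type_distance(r1, r2, schemas), n2)
            for n2, (p2, r2) in desc2.items()
        ]
        result[n1] = min(scored)[1]
    return result


# Constructed sample: version 1 and version 2 of the same service, renamed throughout.
SCHEMAS = {
    "User": ("id", "name", "email"),
    "Account": ("id", "name", "email", "created"),
    "UserList": ("items",),
    "AccountList": ("items",),
}
DESC_V1 = {
    "getUserById": (["int"], "User"),
    "createUser": (["User"], "bool"),
    "listUsers": ([], "UserList"),
}
DESC_V2 = {
    "fetchUser": (["long"], "Account"),
    "addUser": (["Account"], "boolean"),
    "allUsers": ([], "AccountList"),
    "deleteUser": (["long"], "boolean"),
}

if __name__ == "__main__":
    for old, new in match_methods(DESC_V1, DESC_V2, SCHEMAS).items():
        print(f"{old} -> {new}")
```

In a security-testing pipeline the output tells the scanner which previously tested method each renamed method corresponds to, so payloads and recorded findings can be carried over between versions of the service. Note that `deleteUser`, which has no counterpart in the first description, is never chosen: its return type pushes it behind `fetchUser` for `getUserById` even though their parameter lists match.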
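The error-state detection of 20150095721, as an added Python example (not the patent's code). The three pages are constructed HTML. The extractor reduces a page to structural features (tag, class, id, and the text an element directly contains) and deliberately ignores attribute values such as field contents or tokens, so the before/after diff of the login page isolates the alert element. That element feature then flags the search page as being in an error state; the text feature from the diff is page-specific and is excluded from matching.

```python
"""Learn what an application's error state looks like from one provoked
validation failure, then recognise it on other pages (added illustration)."""
from html.parser import HTMLParser

VOID_TAGS = {"input", "br", "img", "hr", "meta", "link"}


class FeatureExtractor(HTMLParser):
    """Collect ("element", tag, class, id) for every element and
    ("text", tag, class, id, text) for text directly inside an element."""

    def __init__(self):
        super().__init__()
        self.features = set()
        self._stack = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        node = (tag, a.get("class"), a.get("id"))
        self.features.add(("element",) + node)
        if tag not in VOID_TAGS:  # void elements never get an end tag
            self._stack.append(node)

    def handle_endtag(self, tag):
        if self._stack and self._stack[-1][0] == tag:
            self._stack.pop()

    def handle_data(self, data):
        text = " ".join(data.split())
        if text and self._stack:
            self.features.add(("text",) + self._stack[-1] + (text,))


def page_features(doc):
    parser = FeatureExtractor()
    parser.feed(doc)
    return parser.features


def learn_error_signature(before, after):
    """Features absent before the invalid input was submitted and present after."""
    return page_features(after) - page_features(before)


def is_error_state(doc, signature, structural_only=True):
    """True if the page carries any signature feature; by default only element
    features count, since error text differs from page to page."""
    sig = {f for f in signature if f[0] == "element"} if structural_only else signature
    return bool(sig & page_features(doc))


# Constructed pages: the login form before and after a deliberately invalid e-mail.
LOGIN_BEFORE = """<html><body>
<form id="login" method="post"><input name="email" value="">
<input type="submit" value="Sign in"></form>
</body></html>"""

LOGIN_AFTER = """<html><body>
<div class="alert alert-danger" role="alert">Enter a valid email address</div>
<form id="login" method="post"><input name="email" value="not-an-email">
<input type="submit" value="Sign in"></form>
</body></html>"""

# A different page of the same application, with and without a validation failure.
SEARCH_ERROR = """<html><body>
<div class="alert alert-danger" role="alert">Search term must be shorter than 64 characters</div>
<form id="search"><input name="q" value="x"></form>
</body></html>"""

SEARCH_OK = """<html><body><h2>Results</h2><ul><li>first hit</li></ul></body></html>"""

if __name__ == "__main__":
    sig = learn_error_signature(LOGIN_BEFORE, LOGIN_AFTER)
    print("signature:", sorted(sig))
    print("search (error):", is_error_state(SEARCH_ERROR, sig))
    print("search (ok):   ", is_error_state(SEARCH_OK, sig))
```

Why a crawler cares: a scanner that cannot tell an error page from a normal one keeps crawling and fuzzing from a dead end, and may report the validation message itself as a finding. One caveat: if the before and after pages differ in anything unrelated (a rotating banner, a new session widget), that difference enters the signature too, so provoking the error twice on two different forms and intersecting the diffs is a cheap way to remove such noise.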
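The random-delay instrumentation of 20150095894, as an added Python example (not the patent's code). `Account.deposit` is a constructed read-modify-write with no lock; its `hook` parameter stands in for the inserted instrumentation instruction. Each iteration re-instruments both portions with freshly drawn delays and runs them in two threads; an iteration whose final balance is not 200 has exposed a lost update. Under CPython the sleep releases the GIL, which is exactly what widens the window between the read and the write.

```python
"""Expose a lost-update race by stretching the read/write window with random
delays, re-instrumented on every iteration (added illustration)."""
import random
import threading
import time


class Account:
    """Constructed target: a read-modify-write with no lock (the defect under test)."""

    def __init__(self, balance=0):
        self.balance = balance

    def deposit(self, amount, hook=lambda: None):
        current = self.balance          # read the shared resource
        hook()                          # instrumentation point between read and write
        self.balance = current + amount  # write; clobbers a concurrent deposit


def random_delay(rng, max_ms):
    """One instrumentation instruction: a sleep whose length is drawn once,
    when the portion is instrumented, not on every call."""
    seconds = rng.uniform(0.0, max_ms) / 1000.0
    return lambda: time.sleep(seconds)


def hunt_lost_updates(iterations=20, seed=7, max_ms=5.0):
    """Run two deposit portions in parallel threads, instrumenting them
    differently in each iteration. Returns (iteration, final balance) for every
    run that violated the invariant: two deposits of 100 must leave 200."""
    rng = random.Random(seed)  # seeded so a failing instrumentation can be replayed
    failures = []
    for i in range(iterations):
        acct = Account()
        hooks = [random_delay(rng, max_ms) for _ in range(2)]
        threads = [threading.Thread(target=acct.deposit, args=(100, h)) for h in hooks]
        for t in threads:
            t.start()
        for t in threads:
            t.join()
        if acct.balance != 200:
            failures.append((i, acct.balance))
    return failures


if __name__ == "__main__":
    bad = hunt_lost_updates()
    print(f"{len(bad)} of 20 instrumented iterations lost an update: {bad}")
```

Running the same two threads with the default no-op hook typically does not show the problem, because each deposit usually finishes before the other thread has even started; varying the instrumentation across iterations is what turns a rare scheduling accident into a reproducible test. The seed makes a failing run replayable, which is what you want when handing the finding to a developer.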