Patent application number | Description | Published |
20120266246 | PINPOINTING SECURITY VULNERABILITIES IN COMPUTER SOFTWARE APPLICATIONS - A build process management system can acquire data pertaining to a software build process that is currently being executed by an automated software build system. The software build process can include executable process steps, metadata, and/or environmental parameter values. An executable process step can utilize a build artifact, representing an electronic document that supports the software build process. The acquired data can then be synthesized into an immutable baseline build process and associated baseline artifact library. The baseline artifact library can store copies of the build artifacts. The immutable baseline build process can include baseline objects that represent data values and dependencies indicated in the software build process. In response to a user-specified command, an operation can be performed upon the baseline build process and associated baseline artifact library. | 10-18-2012 |
20120266248 | PINPOINTING SECURITY VULNERABILITIES IN COMPUTER SOFTWARE APPLICATIONS - A build process management system can acquire data pertaining to a software build process that is currently being executed by an automated software build system. The software build process can include executable process steps, metadata, and/or environmental parameter values. An executable process step can utilize a build artifact, representing an electronic document that supports the software build process. The acquired data can then be synthesized into an immutable baseline build process and associated baseline artifact library. The baseline artifact library can store copies of the build artifacts. The immutable baseline build process can include baseline objects that represent data values and dependencies indicated in the software build process. In response to a user-specified command, an operation can be performed upon the baseline build process and associated baseline artifact library. | 10-18-2012 |
20120311712 | TESTING WEB APPLICATIONS FOR FILE UPLOAD VULNERABILITIES - A system for detecting file upload vulnerabilities in web applications is provided. The system may include a black-box tester configured to upload, via a file upload interface exposed by a web application, a file together with a signature associated with the file. An execution monitor may be configured to receive information provided by instrumentation instructions within the web application during the execution of the web application. The execution monitor may be configured to recognize the signature of the uploaded file as indicating that the uploaded file was uploaded by the black-box tester. The execution monitor may also be configured to use any of the information to make at least one predefined determination assessing the vulnerability of the web application to a file upload exploit. | 12-06-2012 |
20120311714 | TESTING WEB APPLICATIONS FOR FILE UPLOAD VULNERABILITIES - A system for detecting file upload vulnerabilities in web applications is provided. The system may include a black-box tester configured to upload, via a file upload interface exposed by a web application, a file together with a signature associated with the file. An execution monitor may be configured to receive information provided by instrumentation instructions within the web application during the execution of the web application. The execution monitor may be configured to recognize the signature of the uploaded file as indicating that the uploaded file was uploaded by the black-box tester. The execution monitor may also be configured to use any of the information to make at least one predefined determination assessing the vulnerability of the web application to a file upload exploit. | 12-06-2012 |
20130166676 | DETECTION OF CUSTOM PARAMETERS IN A REQUEST URL - Identifying at least one custom parameter in a request uniform resource locator (URL). At least a first portion of source code of a Web application that typically consumes the custom parameter provided in the request URL can be identified. The Web application can be instrumented at the first portion of the source code. The Web application can receive the request URL and the Web application can be executed with the instrumented source code. At least one run-time value consumed by the second portion of the source code can be identified, and the run-time value can be compared to the request URL to determine whether the run-time value intersects with the request URL. Responsive to determining that the run-time value intersects with the request URL, the run-time value can be identified as the custom parameter. A custom parameter rule can be generated based on the comparison. | 06-27-2013 |
20130167124 | DETECTION OF CUSTOM PARAMETERS IN A REQUEST URL - Identifying at least one custom parameter in a request uniform resource locator (URL). The method can include identifying at least a first portion of source code of a Web application that typically consumes the custom parameter provided in the request URL and, via a processor, instrumenting the Web application at the first portion of the source code. The Web application can receive the request URL and the Web application can be executed with the instrumented source code. At least one run-time value consumed by the second portion of the source code can be identified, and the run-time value can be compared to the request URL to determine whether the run-time value intersects with the request URL. Responsive to determining that the run-time value intersects with the request URL, the run-time value can be identified as the custom parameter. A custom parameter rule can be generated based on the comparison. | 06-27-2013 |
Patent application number | Description | Published |
20110162072 | DETERMINING THE VULNERABILITY OF COMPUTER SOFTWARE APPLICATIONS TO ATTACKS - Determining the vulnerability of computer software applications to attacks by identifying a defense-related variable within a computer software application that is assigned results of a defense operation defending against a predefined type of attack, identifying a control-flow predicate dominating a security-sensitive operation within the application, identifying a data-flow dependent variable in the application that is data-flow dependent on the defense-related variable, determining whether the control-flow predicate uses the data-flow dependent variable to make a branching decision and whether a control-flow path leading to the security-sensitive operation is taken only if the data-flow dependent variable is compared against a value of a predefined type, determining that the security-sensitive operation is safe from the attack if both control-flow conditions are true, and determining that the application is safe from the attack if all security-sensitive operations in the application are determined to be safe from the attack. | 06-30-2011 |
20110321168 | THWARTING CROSS-SITE REQUEST FORGERY (CSRF) AND CLICKJACKING ATTACKS - Embodiments of the invention generally relate to thwarting fraud perpetrated with a computer by receiving a request from a computer to perform a transaction. Embodiments of the invention may include receiving the request together with transaction data and a cookie, where the transaction data are separate from the cookie; determining in accordance with predefined validation criteria whether the cookie includes a valid representation of the transaction data; and performing the transaction only if the cookie includes a valid representation of the transaction data. | 12-29-2011 |
20140068563 | COMPUTER SOFTWARE APPLICATION SELF-TESTING - Testing a computer software application by detecting an arrival of input data provided as input to a computer software application from a source external to the computer software application, modifying the detected input data to include test data configured to test the computer software application in accordance with a predefined test, thereby creating a modified version of the detected input data, and processing the modified version of the detected input data, thereby performing the predefined test on the computer software application using the test data. | 03-06-2014 |
20140096240 | IDENTIFYING WHETHER AN APPLICATION IS MALICIOUS - Identifying whether a first application is malicious. The first application can be presented for installation on a processing system. The first application can be scanned, via a static analysis implemented by a processor, to determine whether a user interface layout of the first application is suspiciously similar to a user interface layout of a second application installed on the processing system. When the user interface layout of the first application is suspiciously similar to the user interface layout of the second application installed on the processing system, an alert can be generated indicating that the first application is malicious. | 04-03-2014 |
20140096248 | IDENTIFYING WHETHER AN APPLICATION IS MALICIOUS - Identifying whether a first application is malicious. The first application can be presented for installation on a processing system. The first application can be scanned, via a static analysis implemented by a processor, to determine whether a user interface layout of the first application is suspiciously similar to a user interface layout of a second application installed on the processing system. When the user interface layout of the first application is suspiciously similar to the user interface layout of the second application installed on the processing system, an alert can be generated indicating that the first application is malicious. | 04-03-2014 |
20140129620 | INDICATING COVERAGE OF WEB APPLICATION TESTING - Testing a system under test includes intercepting, within a proxy system, a request from a client system sent to the system under test. The request is analyzed within the proxy system and sent to the system under test. Within the proxy system, a response from the system under test sent to the client system is intercepted. The response is instrumented creating a modified response indicating test coverage according to the request. The modified response is sent to the client system. | 05-08-2014 |
20140129877 | COLLABORATIVE APPLICATION TESTING - A method, computer program product, and computer system for performing, at a computing device, an analysis of a web application. A response is annotated by the web application with coverage data based upon, at least in part, the analysis, wherein the coverage data indicates which actions have been performed on the web application and which actions have not been performed on the web application according to results of the analysis. The response that includes the coverage data is shared with one or more users. | 05-08-2014 |
20140129878 | INDICATING COVERAGE OF WEB APPLICATION TESTING - Testing a system under test includes intercepting, within a proxy system, a request from a client system sent to the system under test. The request is analyzed within the proxy system and sent to the system under test. Within the proxy system, a response from the system under test sent to the client system is intercepted. The response is instrumented creating a modified response indicating test coverage according to the request. The modified response is sent to the client system. | 05-08-2014 |
20140129915 | COLLABORATIVE APPLICATION TESTING - A method, computer program product, and computer system for performing, at a computing device, an analysis of a web application. A response is annotated by the web application with coverage data based upon, at least in part, the analysis, wherein the coverage data indicates which actions have been performed on the web application and which actions have not been performed on the web application according to results of the analysis. The response that includes the coverage data is shared with one or more users. | 05-08-2014 |
20140157418 | DETECTING SECURITY VULNERABILITIES ON COMPUTING DEVICES - Identifying security vulnerabilities on computing devices by detecting an inter-process communication on a computing device, determining whether the inter-process communication is consistent with a predefined specification of a security vulnerability, and causing a predefined action to be performed on the computing device responsive to determining that the inter-process communication is consistent with a predefined specification of a security vulnerability. | 06-05-2014 |
20140373158 | DETECTING SECURITY VULNERABILITIES ON COMPUTING DEVICES - Identifying security vulnerabilities on computing devices by gathering information about a first software application with which a computing device is configured, selecting, using any of the information, an attack specification from a set of predefined attack specifications, attacking the first software application on the computing device with an attack that is in accordance with the selected attack specification, identifying a post-attack condition associated with the first software application, determining whether the post-attack condition is consistent with a predefined security vulnerability, and performing a predefined action associated with the predefined security vulnerability responsive to determining that the post-attack condition is consistent with the predefined security vulnerability, where the gathering, selecting, attacking, identifying, determining, and performing are performed by a second software application during execution of the second software application on the computing device. | 12-18-2014 |
20150096032 | DETECTING VULNERABILITY TO RESOURCE EXHAUSTION - In an aspect of managing resource exhaustion, a method includes receiving a program code that is configured for generating a random number. The generating is identified as vulnerable to a resource exhaustion. The method also includes identifying a statement in the program code at which a value of a variable associated with the generating of the random number is affected, inserting a hooking code in the statement for monitoring the variable at the statement, and running the program code in a plurality of iterations. A consumption level of the resource is varied in the plurality of iterations. The method further includes monitoring a plurality of values of the variable in the plurality of iterations. The method also includes executing a regression analysis on the plurality of values and returning a root cause of the vulnerability. | 04-02-2015 |
20160055073 | COMPUTER SOFTWARE APPLICATION SELF-TESTING - Testing a computer software application by detecting an arrival of input data provided as input to a computer software application from a source external to the computer software application, modifying the detected input data to include test data configured to test the computer software application in accordance with a predefined test, thereby creating a modified version of the detected input data, and processing the modified version of the detected input data, thereby performing the predefined test on the computer software application using the test data. | 02-25-2016 |
Patent application number | Description | Published |
20100215053 | System and Method for the Control of the Transmission Rate in Packet-Based Digital Communications - A transmission bit rate control mechanism for a packet-based communication system in which sender transmission bit rates can vary over time is provided. The transmission bit rate mechanism includes a receiver recording mechanism, which receives transmission time information, computes and records statistical parameters of packets received from a sender; and a receiver processing mechanism, which selectively computes a new transmission bit rate using the recorded statistical parameters, and communicates a new transmission bit rate to the sender. | 08-26-2010 |
20110280257 | SYSTEM AND METHOD FOR LOW DELAY, INTERACTIVE COMMUNICATION USING MULTIPLE TCP CONNECTIONS AND SCALABLE CODING - Systems and methods for communication of scaleable-coded audiovisual signals over multiple TCP/IP connections are provided. The sender schedules and prioritizes transmission of individual scalable-coded data packets over the plurality of TCP connections according to their relative importance in the scalable coding structure for signal reconstruction quality and according to receiver feedback. Low-latency packet delivery over the multiple TCP/IP connections is maintained by avoiding transmission or retransmission of packets that are less important for reconstructed media quality. | 11-17-2011 |
20110292161 | Systems And Methods For Scalable Video Communication Using Multiple Cameras And Multiple Monitors - Systems and methods for performing videoconferencing using endpoints with multiple monitors and multiple cameras are disclosed herein. These endpoints are comprised of, where each node is comprised of a control unit and one or more node units, each connected to at least one monitor, camera, speaker, or microphone. Video is encoded using scalable coding, and endpoints are connected to each other over a network using an SVCS. Algorithms are described for layout management, tagging of individual streams, and use of tags for dynamic and prioritized layout management. | 12-01-2011 |
20120069135 | SYSTEMS AND METHODS FOR ERROR RESILIENCE AND RANDOM ACCESS IN VIDEO COMMUNICATION SYSTEMS - Systems and methods for error resilient transmission and for random access in video communication systems are provided. The video communication systems are based on single-layer, scalable video, or simulcast video coding with temporal scalability, which may be used in video communication systems. A set of video frames or pictures in a video signal transmission is designated for reliable or guaranteed delivery to receivers using secure or high reliability links, or by retransmission techniques. The reliably-delivered video frames are used as reference pictures for resynchronization of receivers with the transmitted video signal after error incidence and for random access. | 03-22-2012 |
20120072499 | SYSTEM AND METHOD FOR THE CONTROL AND MANAGEMENT OF MULTIPOINT CONFERENCE - Systems and methods for the control and management of multipoint conferences are disclosed herein, where endpoints can selectively and individually manage the streams that will be transmitted to them. Techniques are described that allow a transmitting endpoint to collect information from other receiving endpoints, or aggregated such information from servers, and process them into a single set of operating parameters that it then uses for its operation. Algorithms are described for performing conference-level show, on-demand show, show parameter aggregation and propagation, propagation of notifications. Parameters identified for describing sources in show requests include bit rate, window size, pixel rate, and frames per second. | 03-22-2012 |
20120192240 | PARTICIPANT AWARE CONFIGURATION FOR VIDEO ENCODER - Systems and methods for multipoint video distribution are disclosed herein. In some embodiments, system for multipoint video distribution include at least one endpoint including a EECM and a DECM, and at least one server including a SECM, the server being coupled to the endpoint. In some embodiments, methods for configuring an encoder include receiving at least one property related to a capability of a decoder, determining a number of layers to be coded by the encoder, and configuring the encoder based on that at least one property. | 07-26-2012 |
20130250037 | System and Method for the Control and Management of Multipoint Conferences - Systems and methods for the control and management of multipoint conferences are disclosed herein, where endpoints can selectively and individually manage the streams that will be transmitted to them. Techniques are described that allow a transmitting endpoint to collect information from other receiving endpoints, or aggregated such information from servers, and process them into a single set of operating parameters that it then uses for its operation. Algorithms are described for performing conference-level show, on-demand show, show parameter aggregation and propagation, propagation of notifications. Parameters identified for describing sources in show requests include bit rate, window size, pixel rate, and frames per second. | 09-26-2013 |
20150264378 | Systems And Methods For Error Resilience And Random Access In Video Communication Systems - Systems and methods for error resilient transmission and for random access in video communication systems are provided. The video communication systems are based on single-layer, scalable video, or simulcast video coding with temporal scalability, which may be used in video communication systems. A set of video frames or pictures in a video signal transmission is designated for reliable or guaranteed delivery to receivers using secure or high reliability links, or by retransmission techniques. The reliably-delivered video frames are used as reference pictures for resynchronization of receivers with the transmitted video signal after error incidence and for random access. | 09-17-2015 |
Patent application number | Description | Published |
20120254285 | SYSTEM AND METHOD FOR COMMUNICATION MANAGEMENT OF A MULTI-TASKING MOBILE DEVICE - A mobile device and method for management of communication from a mobile device capable of multi-tasking. The method includes capturing a request from at least one application executed on the mobile device for data communication through a network interface of the mobile device; identifying the at least one application by interrogation of an operating system of the mobile device; determining for the identified one application data communication access rights; and autonomously communicating through the network interface for the at least one application and independently communicating with the at least one application without interfering with normal operation of the at least one application, when the data communication access rights require regulating bandwidth usage by the at least one application. | 10-04-2012 |
20120254327 | APPARATUS AND METHODS FOR BANDWIDTH SAVING AND ON-DEMAND DATA DELIVERY FOR A MOBILE DEVICE - A method for reducing data bandwidth usage in wireless communication comprises receiving a request from the a mobile device to provide the an e-mail message; sending a request to the an e-mail server for delivery of the e-mail message; analyzing the e-mail message delivered from the e-mail server to determine if a size of the e-mail message is above a threshold value, and if not expanding the e-mail content to be above the threshold value; acknowledging to the mobile device the existence of the e-mail message and its respective size; and delivering to the mobile device header content of the e-mail content, thereby only a small fraction of the data corresponding to the e-mail message is actually delivered to the mobile device. | 10-04-2012 |
20130232216 | METHOD FOR EFFICIENT USE OF CONTENT STORED IN A CACHE MEMORY OF A MOBILE DEVICE - A method for cache management of a mobile device communicatively connected to a network component via a network is provided. The method comprises receiving by the network component a request from the mobile device for a data item, the request accompanied by a unique identifier associated thereto, the data item residing in the cache; fetching the data item from at least a server communicatively connected to the network component; generating a unique identifier respective of the fetched data item; and comparing the generated unique identifier and the received unique identifier to determine whether the data item in the cache is the same as the data item fetched from the at least a server. | 09-05-2013 |
20130262675 | PROXY AND METHOD FOR DETERMINATION OF A UNIQUE USER IDENTIFICATION FOR A PLURALITY OF APPLICATIONS ACCESSING THE WEB FROM A MOBILE DEVICE - A proxy and a method for providing a unique user identification (UUID) to a mobile device executing a plurality of mobile applications. The method includes receiving a request to access an Internet resource by a mobile application of the plurality of mobile applications; generating a unique user identification (UUID) to uniquely identify the mobile device, thereby the UUID enables the at least one Internet resource to uniquely identify the mobile device regardless of which of the plurality of mobile applications made a request to the Internet resource; associating to the request the UUID; and forwarding the request with the UUID to the Internet resource. | 10-03-2013 |
20140214921 | SYSTEM AND METHOD FOR IDENTIFICATION OF AN APPLICATION EXECUTED ON A MOBILE DEVICE - A method for uniquely identifying an application executed on a mobile device is provided. The method comprises trapping a request to execute an application by the mobile device, wherein the request is initiated by the application and directed to an Internet resource associated with the application; identifying a source of the request; generating metadata respective of the application initiated the request; and sending the metadata to the a proxy server communicatively connected to the mobile device, wherein the proxy server is configured to uniquely identify a name and a type of the application by matching information in the metadata to an app-index. This is subject to a user's privacy, opt-in, or opt-out settings. | 07-31-2014 |
20140237109 | TECHNIQUES FOR DETERMINING A MOBILE APPLICATION DOWNLOAD ATTRIBUTION - A proxy server and a method for determining a mobile application download attribution are provided. The method includes identifying an application downloaded from an application repository to a mobile device; analyzing previously logged requests sent from the mobile device to identify a most recent request directed to the application repository from the mobile device; analyzing the identified most recent request to detect a source that causes the application download and at least one identifier of the application; determining the download attribution respective of the source that causes the application download; and generating an application metadata respective of the download attribution and the application identifiers. This is subject to a user's privacy, opt-in, or opt-out settings. | 08-21-2014 |
20140280797 | SYSTEM AND METHOD FOR ESTABLISHING A VIRTUAL PRIVATE NETWORK OF A MOBILE DEVICE THROUGH A PREFERRED NETWORK - A system and method may handle the supervision of the connectivity of a virtual private network (VPN) of a mobile device that is configured to connect through a plurality of network interfaces. A server may configure the mobile device to send a request for data item. The server may track the response of the mobile device to the request. According to one embodiment, the VPN may not be connected through a preferred network interface, while such interface is available. In such case, the data item may be routed through the preferred network and therefore not received by the VPN server within a predetermined period of time. According to another embodiment, the server may identify an internal IP address of the data item. The server may be configured to determine the current network interface based on the internal IP address. The server may disconnect the VPN to permit the VPN to reconnect through the preferred network interface. | 09-18-2014 |
20160055537 | TECHNIQUES TO TARGET AND COMMUNICATE MOBILE OFFERS - Techniques to target and communicate mobile offers are described. Some embodiments are particularly directed to techniques to techniques to target and communicate mobile offers using member information from a social-networking service. In one embodiment, for example, an apparatus may comprise a customer selection component, a channel selection component, and an offer customization component. The customer selection component may be operative to retrieve an offer from an offers store, the offer associated with offer selection criteria, and search a user information store to select a mobile user based on a match between the offer selection criteria and user information for the mobile user stored in the user information store. Other embodiments are described and claimed. | 02-25-2016 |
20160142375 | TECHNIQUES TO AUTHENTICATE A CLIENT TO A PROXY THROUGH A DOMAIN NAME SERVER INTERMEDIARY - Techniques to authenticate a client to a proxy through a domain name server intermediary are described. In one embodiment, for example, a client apparatus may comprise a data store and a network access component. The data store may be operative to store a network configuration file, the network configuration file containing a client-specific secret. The network access component may be operative to transmit a communication request from the client device to a proxy server, the communication request directed to a destination server distinct from the proxy server, and to receive a response to the communication request from the destination server based on a determination by the proxy server that the client is authorized to use the proxy server, the determination based on the client having previously sent an encoding of a client-specific secret to a domain name server embedded within a lookup domain of a domain name request. Other embodiments are described and claimed. | 05-19-2016 |