Patent application number | Description | Published |
20120198555 | TESTING WEB SERVICES THAT ARE ACCESSIBLE VIA SERVICE ORIENTED ARCHITECTURE (SOA) INTERCEPTORS - Systems, methods, and computer program products are disclosed for testing web service-related elements, where the instructions of a web service-related element are statically analyzed to identify a characteristic of an output of the web service-related element, and where it is determined from a received response to a web service request that the web service request was processed by the web service-related element if at least a portion of the response matches the characteristic of the output of the web service-related element. | 08-02-2012 |
20130311829 | PERFORMANCE TESTING OF WEB COMPONENTS USING IDENTITY INFORMATION - Performance testing of web components using identity information includes providing a web component for testing having business logic code and an associated authorization layer code, locating, using a processor, branches in the authorization layer code and the business logic code which are dependent on identity information, and creating, using the processor, symbolic identities with claims or attributes having values corresponding to the branch options of the located branches. The method also includes propagating the symbolic identities downstream from the branch locations through the authorization layer code and the business logic code and analyzing, using the processor, the performance of each symbolic identity. | 11-21-2013 |
20140012876 | FINDING SERVICES IN A SERVICE REGISTRY SYSTEM OF A SERVICE-ORIENTED ARCHITECTURE - Searching a service registry system including a plurality of services identified by respective service names, wherein at least some of said service names being associated with a set of client identifiers, includes receiving a search request, said request including a service name and a further set of client identifiers, searching, using a processor, the service registry system for a match between the requested service name and a service name of one of said services in the service registry system, and, in the absence of such a match, searching, using the processor, the service registry system for services that have an association with at least some of the client identifiers in said further set. A search result can be returned. | 01-09-2014 |
20140082735 | MINING ATTACK VECTORS FOR BLACK-BOX SECURITY TESTING - Black-box security testing for a Web application includes identifying infrastructure supporting the Web application, obtaining vulnerability data for the Web application from an external data source according to the infrastructure, deriving a test payload from the vulnerability data using a processor, and determining a type of vulnerability exploited by the test payload. An existing validation operation of a testing system is selected for validating a response from the Web application to the test payload according to the type of vulnerability. | 03-20-2014 |
20140082737 | MINING ATTACK VECTORS FOR BLACK-BOX SECURITY TESTING - Black-box security testing for a Web application includes identifying infrastructure supporting the Web application, obtaining vulnerability data for the Web application from an external data source according to the infrastructure, deriving a test payload from the vulnerability data using a processor, and determining a type of vulnerability exploited by the test payload. An existing validation operation of a testing system is selected for validating a response from the Web application to the test payload according to the type of vulnerability. | 03-20-2014 |
20140096255 | CORRECTING WORKFLOW SECURITY VULNERABILITIES VIA STATIC ANALYSIS AND VIRTUAL PATCHING - A computer program can be statically analyzed to determine an order in which client side workflows are intended to be implemented by the computer program. A virtual patch can be generated. When executed by a processor, the virtual patch can track web service calls from a client to the computer program, and determine whether the order of the web service calls from the client to the computer program correlate to the order in which client side workflows are intended to be implemented by the computer program. If the order of the web service calls from the client to the computer program do not correlate to the order in which client side workflows are intended to be implemented by the computer program, an alert can be generated. | 04-03-2014 |
20140096258 | CORRECTING WORKFLOW SECURITY VULNERABILITIES VIA STATIC ANALYSIS AND VIRTUAL PATCHING - A computer program can be statically analyzed to determine an order in which client side workflows are intended to be implemented by the computer program. A virtual patch can be generated. When executed by a processor, the virtual patch can track web service calls from a client to the computer program, and determine whether the order of the web service calls from the client to the computer program correlate to the order in which client side workflows are intended to be implemented by the computer program. If the order of the web service calls from the client to the computer program do not correlate to the order in which client side workflows are intended to be implemented by the computer program, an alert can be generated. | 04-03-2014 |
20140130015 | Hybrid Program Analysis - A hybrid program analysis method includes initiating a static program analysis of an application, generating, by a static program analyzer, a query to a dynamic program analyzer upon determining a code construct of the application requiring dynamic analysis, resolving, by the dynamic program analyzer, the query into a set of arguments with which to invoke the code construct of the application, generating, by the dynamic program analyzer, the set of arguments, invoking, by the dynamic program analyzer, the code construct of the application using set of arguments, answering, by the dynamic program analyzer, the query, and continuing the static program analysis of the application. | 05-08-2014 |
20140130019 | Hybrid Program Analysis - A hybrid program analysis method includes initiating a static program analysis of an application, generating, by a static program analyzer, a query to a dynamic program analyzer upon determining a code construct of the application requiring dynamic analysis, resolving, by the dynamic program analyzer, the query into a set of arguments with which to invoke the code construct of the application, generating, by the dynamic program analyzer, the set of arguments, invoking, by the dynamic program analyzer, the code construct of the application using set of arguments, answering, by the dynamic program analyzer, the query, and continuing the static program analysis of the application. | 05-08-2014 |
20140189874 | HYBRID ANALYSIS OF VULNERABLE INFORMATION FLOWS - Arrangements described herein relate to analyzing vulnerable information flows in an application. A black-box scan of the application can be performed to record a call-tree representation of call stacks arising in the application due to test inputs provided during the black-box scan. For each path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, a static analysis can be performed to determine at least one parameter value that, when abstracted, drives execution of the application, via the path, to flow to the at least one security sink. A security report can be generated identifying at least one of the paths in the call-tree representation that does not constitute the vulnerable information flow during the black-box scan, but flows to the at least one security sink when the at least one parameter value is abstracted. | 07-03-2014 |
20140189875 | HYBRID ANALYSIS OF VULNERABLE INFORMATION FLOWS - Arrangements described herein relate to analyzing vulnerable information flows in an application. A black-box scan of the application can be performed to record a call-tree representation of call stacks arising in the application due to test inputs provided during the black-box scan. For each path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, a static analysis can be performed to determine at least one parameter value that, when abstracted, drives execution of the application, via the path, to flow to the at least one security sink. A security report can be generated identifying at least one of the paths in the call-tree representation that does not constitute the vulnerable information flow during the black-box scan, but flows to the at least one security sink when the at least one parameter value is abstracted. | 07-03-2014 |
20140195597 | WEB SERVICES - A method, system, and/or computer program product invokes a web service in a software application. A software application comprises a machine readable description of a functionality to be supported by a web service to be invoked, and a machine readable description of an execution instruction for the web service to be invoked. One or more processors determine/identify a web service that supports the functionality to be supported and the execution instruction for the web service to be invoked. | 07-10-2014 |
20140215614 | SYSTEM AND METHOD FOR A SECURITY ASSESSMENT OF AN APPLICATION UPLOADED TO AN APPSTORE - A method for assessing the level of security of an application to be uploaded to an App Store, comprises: (i) Providing a security system comprising an attack dictionary relevant to a specific device, information regarding security sensitivity grades of subsystems of said device and an Identifier, suitable to recognize the API's related to each of said subsystems and to inspect each line of the code to calculate the maximum security sensitivity grade for each information flow emanating from a given line of code; (ii) For each specific attack present in the attack dictionary, inspecting a code to determine whether the attack is attempted; and (iii) If a suspicion of attack is detected, taking corrective action. | 07-31-2014 |
20140283080 | IDENTIFYING STORED VULNERABILITIES IN A WEB SERVICE - A computer identifies each web method, of a web service, declared in a web services description language (WSDL) file. The computer adds a node within a directed graph for each web method identified. The computer identifies pairs of web methods declared in the WSDL file in which a match exists between an output parameter of one of the web methods and an input parameter of another one of the web methods. The computer adds an edge within the directed graph for each of the pairs of web methods identified. The computer generates one or more sequences of web methods based on nodes connected by edges within the directed graph, wherein each of the one or more sequences includes at least one of the pairs of web methods identified. The computer tests each of the one or more sequences of web methods to identify stored vulnerabilities in the web service. | 09-18-2014 |
20140289657 | SYSTEM AND METHOD FOR REAL-TIME ADAPTATION OF A GUI APPLICATION FOR LEFT-HAND USERS - A method for the adaptation of a graphic user interface (GUI) designed for right-hand users, for the use of left-hand users, comprises the steps of: a) for the application running on a tablet, identifying the controls that make a difference from the perspective of right/left handed users; b) suggesting new coordinates for these controls; and c) changing the coordinates of said controls to adopt the content to the left/right handed users. | 09-25-2014 |
20140359779 | OPTIMIZING TEST DATA PAYLOAD SELECTION FOR TESTING COMPUTER SOFTWARE APPLICATIONS VIA COMPUTER NETWORKS - Testing a computer software application by configuring a first computer to execute a copy of data-checking software used by a computer software application at a second computer, processing a first copy of a test data payload using the data-checking software at the first computer, where the test data payload is configured to test for an associated security vulnerability, determining that the first copy of the test data payload is endorsed by the data-checking software at the first computer for further processing, and sending a second copy of the test data payload via a computer network to the computer software application at the second computer for processing threat. | 12-04-2014 |
20150067762 | METHOD AND SYSTEM FOR CONFIGURING SMART HOME GATEWAY FIREWALL - A secured smart home system having (a) a smart-home gateway with a firewall protection; (b) plurality of appliances connected to the gateway and located at a secured side of the firewall; and (c) a remote environment classification server located at a non-secured side of the firewall, for providing a firewall policy to the gateway. The gateway submits a list of the appliances to the remote environment classification server, and the classification server provides in response the firewall policy to the gateway. | 03-05-2015 |