Patent application number | Description | Published |
20110162072 | DETERMINING THE VULNERABILITY OF COMPUTER SOFTWARE APPLICATIONS TO ATTACKS - Determining the vulnerability of computer software applications to attacks by identifying a defense-related variable within a computer software application that is assigned results of a defense operation defending against a predefined type of attack, identifying a control-flow predicate dominating a security-sensitive operation within the application, identifying a data-flow dependent variable in the application that is data-flow dependent on the defense-related variable, determining whether the control-flow predicate uses the data-flow dependent variable to make a branching decision and whether a control-flow path leading to the security-sensitive operation is taken only if the data-flow dependent variable is compared against a value of a predefined type, determining that the security-sensitive operation is safe from the attack if both control-flow conditions are true, and determining that the application is safe from the attack if all security-sensitive operations in the application are determined to be safe from the attack. | 06-30-2011 |
20110321168 | THWARTING CROSS-SITE REQUEST FORGERY (CSRF) AND CLICKJACKING ATTACKS - Embodiments of the invention generally relate to thwarting fraud perpetrated with a computer by receiving a request from a computer to perform a transaction. Embodiments of the invention may include receiving the request together with transaction data and a cookie, where the transaction data are separate from the cookie; determining in accordance with predefined validation criteria whether the cookie includes a valid representation of the transaction data; and performing the transaction only if the cookie includes a valid representation of the transaction data. | 12-29-2011 |
20140068563 | COMPUTER SOFTWARE APPLICATION SELF-TESTING - Testing a computer software application by detecting an arrival of input data provided as input to a computer software application from a source external to the computer software application, modifying the detected input data to include test data configured to test the computer software application in accordance with a predefined test, thereby creating a modified version of the detected input data, and processing the modified version of the detected input data, thereby performing the predefined test on the computer software application using the test data. | 03-06-2014 |
20140096240 | IDENTIFYING WHETHER AN APPLICATION IS MALICIOUS - Identifying whether a first application is malicious. The first application can be presented for installation on a processing system. The first application can be scanned, via a static analysis implemented by a processor, to determine whether a user interface layout of the first application is suspiciously similar to a user interface layout of a second application installed on the processing system. When the user interface layout of the first application is suspiciously similar to the user interface layout of the second application installed on the processing system, an alert can be generated indicating that the first application is malicious. | 04-03-2014 |
20140096248 | IDENTIFYING WHETHER AN APPLICATION IS MALICIOUS - Identifying whether a first application is malicious. The first application can be presented for installation on a processing system. The first application can be scanned, via a static analysis implemented by a processor, to determine whether a user interface layout of the first application is suspiciously similar to a user interface layout of a second application installed on the processing system. When the user interface layout of the first application is suspiciously similar to the user interface layout of the second application installed on the processing system, an alert can be generated indicating that the first application is malicious. | 04-03-2014 |
20140129620 | INDICATING COVERAGE OF WEB APPLICATION TESTING - Testing a system under test includes intercepting, within a proxy system, a request from a client system sent to the system under test. The request is analyzed within the proxy system and sent to the system under test. Within the proxy system, a response from the system under test sent to the client system is intercepted. The response is instrumented creating a modified response indicating test coverage according to the request. The modified response is sent to the client system. | 05-08-2014 |
20140129877 | COLLABORATIVE APPLICATION TESTING - A method, computer program product, and computer system for performing, at a computing device, an analysis of a web application. A response is annotated by the web application with coverage data based upon, at least in part, the analysis, wherein the coverage data indicates which actions have been performed on the web application and which actions have not been performed on the web application according to results of the analysis. The response that includes the coverage data is shared with one or more users. | 05-08-2014 |
20140129878 | INDICATING COVERAGE OF WEB APPLICATION TESTING - Testing a system under test includes intercepting, within a proxy system, a request from a client system sent to the system under test. The request is analyzed within the proxy system and sent to the system under test. Within the proxy system, a response from the system under test sent to the client system is intercepted. The response is instrumented creating a modified response indicating test coverage according to the request. The modified response is sent to the client system. | 05-08-2014 |
20140129915 | COLLABORATIVE APPLICATION TESTING - A method, computer program product, and computer system for performing, at a computing device, an analysis of a web application. A response is annotated by the web application with coverage data based upon, at least in part, the analysis, wherein the coverage data indicates which actions have been performed on the web application and which actions have not been performed on the web application according to results of the analysis. The response that includes the coverage data is shared with one or more users. | 05-08-2014 |
20140157418 | DETECTING SECURITY VULNERABILITIES ON COMPUTING DEVICES - Identifying security vulnerabilities on computing devices by detecting an inter-process communication on a computing device, determining whether the inter-process communication is consistent with a predefined specification of a security vulnerability, and causing a predefined action to be performed on the computing device responsive to determining that the inter-process communication is consistent with a predefined specification of a security vulnerability. | 06-05-2014 |
20140373158 | DETECTING SECURITY VULNERABILITIES ON COMPUTING DEVICES - Identifying security vulnerabilities on computing devices by gathering information about a first software application with which a computing device is configured, selecting, using any of the information, an attack specification from a set of predefined attack specifications, attacking the first software application on the computing device with an attack that is in accordance with the selected attack specification, identifying a post-attack condition associated with the first software application, determining whether the post-attack condition is consistent with a predefined security vulnerability, and performing a predefined action associated with the predefined security vulnerability responsive to determining that the post-attack condition is consistent with the predefined security vulnerability, where the gathering, selecting, attacking, identifying, determining, and performing are performed by a second software application during execution of the second software application on the computing device. | 12-18-2014 |