Runtime analysis of software security vulnerabilities
Abstract
During runtime of the software application, the runtime analysis (RTA) framework may assign input tags to objects associated with the user requests. The input tags may identify the requests as potentially malicious and carrying a security risk. The RTA framework then may assign sanitization tags to the objects identifying security checks performed on the objects during runtime. The RTA framework identifies output responses to the user requests that include the objects and compares the input tags assigned to the objects with any sanitization tags assigned to the objects. The RTA framework may identify the software application as susceptible to a security vulnerability when the input tags for the objects do not include corresponding sanitization tags.
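The tagging-and-comparison mechanism the abstract describes, as an added Python illustration (not code from the patent or from any product it covers): values read from a request receive an input tag, sanitizers add sanitization tags, and each output sink is checked against a table of defined vulnerabilities. The tag names, sink names and the vulnerability table are all constructed for this example.

```python
import html
from dataclasses import dataclass, field

# Defined vulnerabilities, as in the claims: each names the output operation at
# risk, the input tags that mark an object as untrusted, and the sanitization
# tags that clear that risk. The entries are constructed for this example.
VULNERABILITIES = {
    "xss":  {"sink": "render_html", "input_tags": {"user_request"}, "sanitization_tags": {"html_escaped"}},
    "sqli": {"sink": "run_query",   "input_tags": {"user_request"}, "sanitization_tags": {"sql_parameterized"}},
}

@dataclass
class TaggedValue:
    """A runtime object carrying the input and sanitization tags assigned to it."""
    value: str
    input_tags: set = field(default_factory=set)
    sanitization_tags: set = field(default_factory=set)

def read_request_param(request: dict, name: str) -> TaggedValue:
    """Input method: every object derived from the request gets an input tag."""
    return TaggedValue(request[name], input_tags={"user_request"})

def html_escape(obj: TaggedValue) -> TaggedValue:
    """Sanitizer: escapes the value and records the check as a sanitization tag."""
    return TaggedValue(html.escape(obj.value), set(obj.input_tags), obj.sanitization_tags | {"html_escaped"})

def check_sink(sink: str, obj: TaggedValue) -> list:
    """Output check: report each defined vulnerability for this sink whose input
    tags are present on the object but whose sanitization tags are all missing."""
    findings = []
    for name, vuln in VULNERABILITIES.items():
        if vuln["sink"] != sink:
            continue
        tainted = bool(vuln["input_tags"] & obj.input_tags)
        sanitized = bool(vuln["sanitization_tags"] & obj.sanitization_tags)
        if tainted and not sanitized:
            findings.append(name)
    return findings

def handle_request(request: dict) -> dict:
    """Toy handler that echoes the 'name' parameter into an HTML response and
    returns the findings the RTA check raises at each output sink."""
    name = read_request_param(request, "name")
    report = {}
    report["greeting_unescaped"] = check_sink("render_html", name)               # -> ["xss"]
    report["greeting_escaped"] = check_sink("render_html", html_escape(name))    # -> []
    return report
```

Because tags are matched per defined vulnerability, an HTML-escaped value reaching the query sink is still reported: the sanitization check performed does not correspond to that sink's risk.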
13 Claims
1. A computer program product comprising a program stored on a non-transitory computer-readable medium containing an executable set of instructions for detecting a vulnerability in a software application in a database system, the set of instructions operable to:
- store defined vulnerabilities that identify operations in the software application vulnerable to the security risk and are each associated with one or more input tags and one or more sanitization tags;
- receive by the software application in the database system a request from a user system;
- at runtime of the application, assign one or more of the input tags to one or more objects associated with the request, wherein the input tags identify the request as potentially malicious and carrying a security risk;
- at runtime of the application, assign one or more of the sanitization tags to the one or more objects associated with the request to indicate security checks performed on the objects;
- at runtime of the application, identify output responses to the request that include the one or more objects, and compare the input tags assigned to the one or more objects with any of the sanitization tags assigned to the objects;
- responsive to the input tags for the one or more objects not having corresponding assigned ones of the sanitization tags, reporting the software application as vulnerable to the security risk.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A system for detecting vulnerabilities in a software application operating in a database system, comprising:
- a processor; and
- memory storing one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
- storing defined vulnerabilities that identify operations in the software application vulnerable to the security risk and are each associated with one or more input tags and one or more sanitization tags;
- assigning the one or more of the input tags to objects returned by input methods in the software application, wherein the input tags identify the objects as potentially malicious and security risks;
- assigning the one or more of the sanitization tags to the one or more objects associated with the request, wherein the sanitization tags identify security checks performed on the objects;
- identifying output responses to the request that include the one or more objects, and comparing the input tags assigned to the one or more objects with any of the sanitization tags assigned to the objects; and
- responsive to the input tags for the one or more objects not having corresponding assigned ones of the sanitization tags, generating a report reporting the software application as vulnerable to the security risk.
Dependent claims: 9, 10, 11, 12, 13.