Vulnerability analysis of software components
Abstract
Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving an application developed by a first vendor. Processing the application, by performing a byte-code analysis of the application, to: identify a plurality of software components used by the application that were developed by vendors other than the first vendor, and provide a list of third-party software components associated with the application, the list including each of the identified software components; and determining, for each software component included in the list, whether the software component has a vulnerability and, if so, selectively providing code to correct the vulnerability of the software component.
19 Claims
1. A computer-implemented method for monitoring security of an application, the method being executed by one or more processors and comprising:
receiving, by the one or more processors, the application developed by a first vendor;
processing, by the one or more processors, the application using an application analysis system that comprises a plurality of analysis sensors, processing comprising:
identifying a plurality of software components used by the application that were developed by vendors other than the first vendor using a first sensor of the application analysis system to provide first component information, and a second sensor of the application analysis system to provide second component information, the first sensor comprising a binary analysis sensor configured to de-compose and analyze the application to provide the first component information comprising post-compilation information corresponding to a first portion of the plurality of software components that are included in the application after compilation, the second sensor comprising a deployment sensor configured to monitor a test deployment of the application in an execution environment based on runtime dependencies of the application and to provide the second component information comprising deployment information, and
providing a list of third-party software components associated with the application at least partially by performing a correlation of the post-compilation information and the deployment information, the list comprising each of the identified software components and component information comprising origins of the identified software components, version information, and vulnerability information, wherein the correlation eliminates duplication of the identified software components and avoids missing application components that are visible for only one of the first sensor and the second sensor;
for each software component included in the list, processing, by the one or more processors, the component information to determine a vulnerability of the software component; and
correcting the vulnerability of the software component by selectively providing a code to a computing device configured to execute the application, in response to determining the vulnerability of the software component.
(Dependent claims 2 to 17 are not reproduced on this page.)
18. A system for monitoring security of an application, the system comprising:
one or more computers; and
a computer-readable medium coupled to the one or more computers having instructions stored thereon which, when executed by the one or more computers, cause the one or more computers to perform operations, the operations comprising:
receiving the application developed by a first vendor;
processing the application using an application analysis system that comprises a plurality of analysis sensors, processing comprising:
identifying a plurality of software components used by the application that were developed by vendors other than the first vendor using a first sensor of the application analysis system to provide first component information, and a second sensor of the application analysis system to provide second component information, the first sensor comprising a binary analysis sensor configured to de-compose and analyze the application to provide the first component information comprising post-compilation information corresponding to a first portion of the plurality of software components that are included in the application after compilation, the second sensor comprising a deployment sensor configured to monitor a test deployment of the application in an execution environment based on runtime dependencies of the application and to provide the second component information comprising deployment information, and
providing a list of third-party software components associated with the application at least partially by performing a correlation of the post-compilation information and the deployment information, the list comprising each of the identified software components and component information comprising origins of the identified software components, version information, and vulnerability information, wherein the correlation eliminates duplication of the identified software components and avoids missing application components that are visible for only one of the first sensor and the second sensor;
for each software component included in the list, processing the component information to determine a vulnerability of the software component; and
correcting the vulnerability of the software component by selectively providing a code to a computing device configured to execute the application, in response to determining the vulnerability of the software component.
19. A non-transitory computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations for monitoring security of an application, the operations comprising:
receiving the application developed by a first vendor;
processing the application using an application analysis system that comprises a plurality of analysis sensors, processing comprising:
identifying a plurality of software components used by the application that were developed by vendors other than the first vendor using a first sensor of the application analysis system to provide first component information, and a second sensor of the application analysis system to provide second component information, the first sensor comprising a binary analysis sensor configured to de-compose and analyze the application to provide the first component information comprising post-compilation information corresponding to a first portion of the plurality of software components that are included in the application after compilation, the second sensor comprising a deployment sensor configured to monitor a test deployment of the application in an execution environment based on runtime dependencies of the application and to provide the second component information comprising deployment information, and
providing a list of third-party software components associated with the application at least partially by performing a correlation of the post-compilation information and the deployment information, the list comprising each of the identified software components and component information comprising origins of the identified software components, version information, and vulnerability information, wherein the correlation eliminates duplication of the identified software components and avoids missing application components that are visible for only one of the first sensor and the second sensor;
for each software component included in the list, processing the component information to determine a vulnerability of the software component; and
correcting the vulnerability of the software component by selectively providing a code to a computing device configured to execute the application, in response to determining the vulnerability of the software component.
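As an added illustration (not code from the patent or from any implementation of it), the following Python sketches the correlation step that claims 1, 18 and 19 share: two constructed sensor inventories, one from a binary-analysis sensor and one from a deployment sensor, are unioned and deduplicated on (origin, name, version), so a component visible to only one sensor is still kept, and each entry is then checked against a constructed advisory table to attach vulnerability information and the fixed version. All component names, versions and advisory ids are invented for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Component:
    origin: str    # vendor or ecosystem the component came from
    name: str
    version: str

# Constructed sample: components a binary-analysis sensor found inside the compiled artifact
BINARY_SENSOR = [
    Component("org.example", "xml-parser", "2.3.1"),
    Component("org.example", "json-core", "1.8.0"),    # bundled but never loaded at runtime
]
# Constructed sample: components a deployment sensor saw the test deployment actually load
DEPLOYMENT_SENSOR = [
    Component("org.example", "xml-parser", "2.3.1"),   # visible to both sensors
    Component("org.example", "tls-shim", "0.9.2"),     # supplied by the execution environment only
]
# Constructed advisory table: affected range is [min, max), plus the version that fixes it
ADVISORIES = {
    ("org.example", "xml-parser"): {"id": "ADV-EXAMPLE-1", "min": "2.0.0", "max": "2.4.0", "fixed": "2.4.0"},
    ("org.example", "tls-shim"):   {"id": "ADV-EXAMPLE-2", "min": "0.0.0", "max": "1.0.0", "fixed": "1.0.0"},
}

def version_key(v):
    """Turn 'x.y.z' into a tuple so ranges compare numerically, not lexically."""
    return tuple(int(p) for p in v.split("."))

def correlate(*sensor_outputs):
    """Union of all sensor inventories keyed on (origin, name, version).
    Identical findings collapse to one entry (deduplication); a component reported
    by only one sensor is still kept. The value records which sensors saw it."""
    seen = {}
    for idx, components in enumerate(sensor_outputs):
        for c in components:
            seen.setdefault(c, set()).add(idx)
    return seen

def assess(seen):
    """Attach vulnerability info and the fixed version to each correlated component."""
    report = []
    for c, sensors in sorted(seen.items(), key=lambda kv: (kv[0].name, kv[0].version)):
        adv = ADVISORIES.get((c.origin, c.name))
        hit = adv is not None and version_key(adv["min"]) <= version_key(c.version) < version_key(adv["max"])
        report.append({"component": c, "sensors": sorted(sensors),
                       "vulnerability": adv["id"] if hit else None,
                       "fix": adv["fixed"] if hit else None})
    return report

if __name__ == "__main__":
    for row in assess(correlate(BINARY_SENSOR, DEPLOYMENT_SENSOR)):
        print(row)
```

The "fix" field is the version a remediation step would push to the executing device; the component seen only by the deployment sensor (tls-shim) would be missed by binary analysis alone, and the one seen only by binary analysis (json-core) would be missed by deployment monitoring alone.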