Detection of vulnerabilities in computer systems

US 20110231936A1
Filed: 08/27/2010
Published: 09/22/2011
Est. Priority Date: 03/19/2010
Status: Active Grant

First Claim

Patent Images

1. A method for detecting a presence of at least one vulnerability in an application, the method comprising:

modifying instructions of the application to include at least one sensor that is configurable to generate an event indicator, wherein the event indicator includes at least some data associated with the event;

storing the event indicator with other stored event indicators generated by the at least one sensor during the execution of the application;

analyzing the stored event indicators;

detecting a presence of at least one vulnerability in the application based on the analysis of the stored event indicators; and

reporting the presence of at least one vulnerability.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and apparatus, including computer program products, for detecting a presence of at least one vulnerability in an application. The method is provided that includes modifying instructions of the application to include at least one sensor that is configurable to generate an event indicator, wherein the event indicator includes at least some data associated with the event; storing the event indicator with other stored event indicators generated by the at least one sensor during the execution of the application; analyzing the stored event indicators; detecting a presence of at least one vulnerability in the application based on the analysis of the stored event indicators; and reporting the presence of at least one vulnerability.

128 Citations

23 Claims

1. A method for detecting a presence of at least one vulnerability in an application, the method comprising:
- modifying instructions of the application to include at least one sensor that is configurable to generate an event indicator, wherein the event indicator includes at least some data associated with the event;
  
  storing the event indicator with other stored event indicators generated by the at least one sensor during the execution of the application;
  
  analyzing the stored event indicators;
  
  detecting a presence of at least one vulnerability in the application based on the analysis of the stored event indicators; and
  
  reporting the presence of at least one vulnerability.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the instructions of the application are modified at a run time during the execution of the application.
  - 3. The method of claim 1, wherein the instructions of the application are modified before the execution of the application.
  - 4. The method of claim 1, wherein analyzing the stored indicators further includes correlating the stored event indicators.
  - 5. The method of claim 1, wherein detecting the presence of at least one vulnerability in the application based on the analysis of the stored event indicators further includes generating a trace of events associated with the vulnerability.
  - 6. The method of claim 5, wherein reporting the presence of at least one vulnerability further includes reporting the presence of at least one vulnerability based on the generated trace of events associated with the vulnerability.
  - 7. The method of claim 1 wherein the reported presence of at least one vulnerability includes at least one of the following vulnerabilities:
    - SQL injection, command injection, cross-site scripting, weak cryptography, cross-site request forgery, insecure transport, insecure redirect, parameter tampering, session hijacking, security misconfiguration, weak authentication, broken access control, and weak input validation.
  - 8. The method of claim 1, wherein modifying instructions of the application to include at least one sensor further includes modifying instructions of the application to include at least one sensor based on at least one security rule.
  - 9. The method of claim 8, wherein the security rule verifies that the application has a code segment that prevents a vulnerability risk.
  - 10. The method of claim 8, wherein the security rule verifies that the application does not have a code segment that creates a vulnerability risk.
  - 11. The method of claim 8, wherein the security rule includes description of a triggering condition that, when satisfied, causes the sensor to generate an indicator of an event.
  - 12. The method of claim 11, wherein the triggering condition is satisfied when the application fails to securely authenticate a request or a response.
  - 13. The method of claim 11, wherein the triggering condition is satisfied when the application fails to securely authorize a request.
  - 14. The method of claim 11, wherein the triggering condition is satisfied when the application does not securely validate or encode data.
  - 15. The method of claim 11, wherein the triggering condition is satisfied when the application fails to use secure communications during its execution.
  - 16. The method of claim 11, wherein the triggering condition is satisfied when the application fails to use secure encryption during its execution.
  - 17. The method of claim 11, wherein the triggering condition is satisfied when the application fails to prevent caching of its data.

18. A system for detecting vulnerabilities in an application, the system comprising:
- an instrumentation module structured and arranged to modify instructions of the application to include at least one sensor that is configurable to generate an event indicator, wherein the event indicator includes at least some data associated with the event;
  
  a tracking module structured and arranged to;
  
  store the event indicator with the other stored event indicators generated by the at least one sensor during the execution of the application;
  
  analyze the stored event indicators, anddetect a presence of at least one vulnerability in the application based on the analysis of the stored event indicators; and
  
  a reporting module structured and arranged to report the presence of at least one vulnerability.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the tracking module further includes a correlation module structured and arranged to correlate the stored event indicators.
  - 20. The system of claim 18 further including a security rule editor module structured and arranged to edit or add a security rule for causing the sensor to generate an the event indicator based on at least one security rule.

21. A computer readable medium including stored executable instructions for detecting a vulnerability in an application executing on at least one processor, the medium comprising instructions for causing the processor to:
- modify instructions of the application to include at least one sensor that is configurable to generate an event indicator, wherein the event indicator includes at least some data associated with the event;
  
  store the event indicator with other stored event indicators generated by the at least one sensor during the execution of the application;
  
  analyze the stored event indicators;
  
  detect a presence of at least one vulnerability in the application based on the analysis of the stored event indicators; and
  
  report the presence of at least one vulnerability.
- View Dependent Claims (22, 23)
- - 22. The medium of claim 21 further including instructions that cause the processor to generate a trace of events associated with the vulnerability.
  - 23. The medium of claim 22 further including instructions that cause the processor to report the presence of at least one vulnerability based on the generated trace of events associated with the vulnerability.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Contrast Security, LLC
Original Assignee
Aspect Security Inc. (Ernst & Young LLP)
Inventors
Dabirsiaghi, Arshan, Sheridan, Eric, Williams, Jeffrey

Granted Patent

US 8,458,798 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

Detection of vulnerabilities in computer systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

128 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Detection of vulnerabilities in computer systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

128 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links