SYSTEM AND METHOD FOR IMPROVING COVERAGE FOR WEB CODE
First Claim
1. A computer-implemented method for improving code coverage for web code analyzed for security purposes, the method comprising:
- receiving web content including the web code;
locating conditional statements in the web code;
generating a modified version of web code; and
performing dynamic analysis on the modified version of web code for detecting malicious code.
7 Assignments
0 Petitions
Accused Products
Abstract
A system and method for improving code coverage for web code that is analyzed for security purposes by dynamic code execution are described. A controller receives information, routes the information to the appropriate engine, analyzer or module and provides the functionality for improving code coverage for code analyzed for security purposes. A code rewrite engine rewrites code in such a way that all branches and stray functions will be executed. A dynamic analyzer performs dynamic analysis on web content to detect malicious code. Additionally, a static analyzer performs static analysis on web content. The static analyzer scans web content and detects a style of coding, a style of obfuscation of the code or patterns in the code.
-
Citations
20 Claims
-
1. A computer-implemented method for improving code coverage for web code analyzed for security purposes, the method comprising:
-
receiving web content including the web code; locating conditional statements in the web code; generating a modified version of web code; and performing dynamic analysis on the modified version of web code for detecting malicious code. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system for improving code coverage for web code analyzed for security purposes comprising:
-
a processor; a controller stored on a memory and executable by the processor, the controller for receiving web content including web code; a scanner that is coupled to the controller, the scanner for locating conditional statements in the web code; a code rewrite engine that is coupled to the controller, the code rewrite engine for generating a modified version of web code; and a dynamic analyzer that is coupled to the controller, the dynamic analyzer for performing dynamic analysis on the modified version of web code for detecting malicious code. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A computer program product comprising a computer usable storage medium including a computer readable program, the computer readable program when executed by a processor causes the processor to:
-
receive web content including the web code; locate conditional statements in the web code; generate a modified version of web code; and perform dynamic analysis on the modified version of web code for detecting malicious code. - View Dependent Claims (17, 18, 19, 20)
-
Specification