SYSTEM AND METHOD FOR IMPROVING COVERAGE FOR WEB CODE

US 20110307954A1
Filed: 06/07/2011
Published: 12/15/2011
Est. Priority Date: 06/11/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for improving code coverage for web code analyzed for security purposes, the method comprising:

receiving web content including the web code;

locating conditional statements in the web code;

generating a modified version of web code; and

performing dynamic analysis on the modified version of web code for detecting malicious code.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for improving code coverage for web code that is analyzed for security purposes by dynamic code execution are described. A controller receives information, routes the information to the appropriate engine, analyzer or module and provides the functionality for improving code coverage for code analyzed for security purposes. A code rewrite engine rewrites code in such a way that all branches and stray functions will be executed. A dynamic analyzer performs dynamic analysis on web content to detect malicious code. Additionally, a static analyzer performs static analysis on web content. The static analyzer scans web content and detects a style of coding, a style of obfuscation of the code or patterns in the code.

Citations

20 Claims

1. A computer-implemented method for improving code coverage for web code analyzed for security purposes, the method comprising:
- receiving web content including the web code;
  
  locating conditional statements in the web code;
  
  generating a modified version of web code; and
  
  performing dynamic analysis on the modified version of web code for detecting malicious code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented method of claim 1, wherein generating the modified version of web code includes rewriting the conditional statements in a form for unconditionally executing each branch related to the conditional statements.
  - 3. The computer-implemented method of claim 1, wherein generating the modified version of web code includes adding special markers to each branch related to the conditional statements.
  - 4. The computer-implemented method of claim 3, further comprising gathering statistics related to code coverage based on a triggering of the special markers in the dynamic analysis.
  - 5. The computer-implemented method of claim 3, further comprising performing static analysis on each branch not executed in the dynamic analysis.
  - 6. The computer-implemented method of claim 1, wherein performing dynamic includes deobfuscating the web code and determining the essence of the malicious code.
  - 7. The computer-implemented method of claim 5, further comprising performing static analysis on dynamically created code generated during the dynamic analysis.
  - 8. The computer-implemented method of claim 1, wherein performing dynamic analysis comprises:
    - making a first pass scan for detecting a query of a value of an environment parameter; and
      
      detecting a branch based on the value of the environmental parameter.
  - 9. The computer-implemented method of claim 8, wherein performing dynamic analysis further comprises:
    - queuing a second pass scan with a different value for the environmental parameter; and
      
      making the second pass scan after completion of the first pass scan.
  - 10. The computer-implemented method of claim 1, further comprises remediating the malicious code.

11. A system for improving code coverage for web code analyzed for security purposes comprising:
- a processor;
  
  a controller stored on a memory and executable by the processor, the controller for receiving web content including web code;
  
  a scanner that is coupled to the controller, the scanner for locating conditional statements in the web code;
  
  a code rewrite engine that is coupled to the controller, the code rewrite engine for generating a modified version of web code; and
  
  a dynamic analyzer that is coupled to the controller, the dynamic analyzer for performing dynamic analysis on the modified version of web code for detecting malicious code.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, wherein the code rewrite engine generates the modified version of web code by rewriting the conditional statements in a form for unconditionally executing each branch related to the conditional statements.
  - 13. The system of claim 11, wherein the code analyzer generates the modified version web code by adding special markers to each branch related to the conditional statements.
  - 14. The system of claim 13, further comprising a statistics module that is coupled to the controller, the statistics module for gathering statistics related to code coverage based on a triggering of the special markers in the dynamic analysis.
  - 15. The system of claim 11, further comprising a static analyzer that is coupled to the controller, the static analyzer for performs static analysis on each branch not executed in the dynamic analysis.

16. A computer program product comprising a computer usable storage medium including a computer readable program, the computer readable program when executed by a processor causes the processor to:
- receive web content including the web code;
  
  locate conditional statements in the web code;
  
  generate a modified version of web code; and
  
  perform dynamic analysis on the modified version of web code for detecting malicious code.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product of claim 16, wherein generate the modified version of web code comprises:
    - rewrite the conditional statements in a form for unconditionally executing each branch related to the conditional statements.
  - 18. The computer program product of claim 16, wherein generate the modified version of web code comprises:
    - rewrite the conditional statements in a form for unconditionally executing each branch related to the conditional statements.
  - 19. The computer program product of claim 16, wherein perform dynamic analysis comprises:
    - make a first pass scan for detecting a query of a value of an environment parameter; and
      
      detect a branch based on the value of the environmental parameter.
  - 20. The computer program product of claim 19, wherein perform dynamic analysis further comprises:
    - queue a second pass scan with a different value for the environmental parameter; and
      
      make the second pass scan after completion of the first pass scan.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trustwave Holdings Incorporated (Singapore Telecommunications Limited)
Original Assignee
M86 Security Incorporated (Singapore Telecommunications Limited)
Inventors
Kaplan, Mark, Melnik, Artem

Granted Patent

US 8,914,879 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

G06F 21/563   by source code analysis

G06F 40/154   Tree transformation for tre...

H04L 63/0227   Filtering policies mail mes...

H04L 63/1408   by monitoring network traff...

H04L 63/168   above the transport layer

SYSTEM AND METHOD FOR IMPROVING COVERAGE FOR WEB CODE

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR IMPROVING COVERAGE FOR WEB CODE

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links