DETECTION OF VULNERABILITIES IN COMPUTER SYSTEMS

US 20140165204A1
Filed: 02/11/2014
Published: 06/12/2014
Est. Priority Date: 03/19/2010
Status: Active Grant

First Claim

Patent Images

1. A method for detecting a presence of at least one vulnerability in an application, the method comprising:

modifying instructions of the application to include at least one monitor adapted to generate an action snapshot of an action performed by the application, wherein the action snapshot includes at least some data associated with the action;

storing the action snapshot with other stored action snapshots generated by the at least one monitor during the execution of the application when respective actions were performed by the application;

analyzing, from within the application, the stored action snapshots;

detecting the presence of at least one vulnerability in the application based on the analysis of the stored action snapshots; and

reporting the presence of at least one vulnerability in the application as detected based on the analysis of the stored action snapshots.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and apparatus, including computer program products, for detecting a presence of at least one vulnerability in an application. The method is provided that includes modifying instructions of the application to include at least one sensor that is configurable to generate an event indicator, wherein the event indicator includes at least some data associated with the event; storing the event indicator with other stored event indicators generated by the at least one sensor during the execution of the application; analyzing the stored event indicators; detecting a presence of at least one vulnerability in the application based on the analysis of the stored event indicators; and reporting the presence of at least one vulnerability.

103 Citations

View as Search Results

22 Claims

1. A method for detecting a presence of at least one vulnerability in an application, the method comprising:
- modifying instructions of the application to include at least one monitor adapted to generate an action snapshot of an action performed by the application, wherein the action snapshot includes at least some data associated with the action;
  
  storing the action snapshot with other stored action snapshots generated by the at least one monitor during the execution of the application when respective actions were performed by the application;
  
  analyzing, from within the application, the stored action snapshots;
  
  detecting the presence of at least one vulnerability in the application based on the analysis of the stored action snapshots; and
  
  reporting the presence of at least one vulnerability in the application as detected based on the analysis of the stored action snapshots.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 10, 11, 1, 12, 13, 14, 15, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1, further comprising:
    - reducing the performance impact of monitoring by configuring the at least one monitor in such a way that application execution paths are monitored the first time they are executed and only periodically thereafter.
  - 3. The method of claim 1, further comprising:
    - caching the modified instructions of the application in such a way that the at least one monitor can be applied more quickly to the application.
  - 4. The method of claim 1, wherein modifying the instructions of the application snapshots further includes at least one monitor adapted to generate an action snapshot of an action selected based on the action snapshots generated by other monitors.
  - 5. The method of claim 1, wherein analyzing the at least one action snapshot further comprises:
    - tracking properties of the data in the at least one action snapshot using at least one tag assigned to at least one part of said data.
  - 6. The method of claim 1, wherein analyzing the stored application snapshots further comprises:
    - analyzing stored application snapshots generated from more than one application.
  - 7. The method of claim 1 wherein analyzing the stored application snapshots further comprises:
    - identifying previously identified vulnerabilities that share execution paths with at least one action snapshot to determine if said vulnerabilities are no longer present in the application.
  - 8. The method of claim 1, wherein detecting the presence of at least one vulnerability further comprises:
    - detecting the presence of at least one publically known vulnerability in a component used in the application.
  - 10. The method of claim 1, wherein the at least one monitor is adapted to create action snapshots based on the data in HTTP requests and responses that are either received or transmitted by the running application.
  - 11. The method of claim 1, wherein the at least one monitor is adapted to create action snapshots based on configuration information for the application.
  - 1x. x. The method of claim 1, wherein the at least one monitor is adapted to create action snapshots based on configuration information for the application, such as property files, xml documents, and initialization files.
  - 12. The method of claim 1, wherein the at least one monitor is adapted to create action snapshots containing the source code or decompiled binary code for the running application.
  - 13. The method of claim 1, wherein modifying the instructions of the application snapshots further includes at least one monitor adapted to generate an action snapshot of an action selected by testing and analyzing the runtime behavior of a run-time library or run time component.
  - 14. The method of claim 1, further comprising:
    - generating a visual representation of the security architecture of the application based on the analysis of stored action snapshots.
  - 15. The method of claim 1, further comprising:
    - reporting the execution paths in the application that have and have not been executed, thus revealing which portions of code have not been monitored for vulnerabilities.
  - 17. The method of claim 1, wherein reporting the presence of at least one vulnerability further includes reporting a web application firewall rule designed to remediate said vulnerability.
  - 18. The method of claim 1, wherein reporting the presence of at least one injection vulnerability further includes:
    - reporting the appropriate encoding scheme to remediate said injection vulnerability based on the contextual data in at least one action snapshot.
  - 19. The method of claim 1, wherein reporting the presence of at least one vulnerability further includes:
    - reporting remediation advice tailored to the specific application on the basis of other action snapshots.
  - 20. The method of claim 1, wherein reporting the presence of at least one vulnerability further includes reporting the code required to patch a vulnerability.
  - 21. The method of claim 1, wherein modifying the instructions of the application further comprises:
    - dynamically patching the code segment at a run-time of the application.
  - 22. The method of claim 21, wherein the code segment to be patched is a software component or library that is a part of the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Contrast Security, LLC
Original Assignee
Aspect Security Inc. (Ernst & Young LLP)
Inventors
Williams, Jeffrey, Dabirsiaghi, Arshan

Granted Patent

US 9,268,945 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/54   by adding security routines...

G06F 21/55   Detecting local intrusion o...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/02   for separating internal fro...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

DETECTION OF VULNERABILITIES IN COMPUTER SYSTEMS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

103 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

DETECTION OF VULNERABILITIES IN COMPUTER SYSTEMS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

103 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links