POINT-WISE PROTECTION OF APPLICATION USING RUNTIME AGENT AND DYNAMIC SECURITY ANALYSIS

US 20170187743A1
Filed: 05/20/2014
Published: 06/29/2017
Est. Priority Date: 05/20/2014
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a server to host an application under test (AUT), wherein the server includes a runtime agent; and

a computing device communicatively coupled to the AUT including a security test engine and a patch engine, the security test engine to;

perform an dynamic security analysis on the AUT to determine a vulnerability, wherein the dynamic security analysis also includes a communication to the runtime agent to trace information in the dynamic security analysis; and

the patch engine to;

provide a vulnerability solution recommendation for the vulnerability;

receive input selecting the vulnerability solution recommendation; and

generate a point-wise protection based on the input capable of being implemented using a second runtime agent to alleviate the vulnerability.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example embodiments disclosed herein relate to generating a point-wise protection based on dynamic security analysis. Vulnerability solution recommendation are provided based on the dynamic security analysis. A point-wise protection is generated based on a selection of the vulnerability solution recommendation.

38 Citations

View as Search Results

15 Claims

1. A system comprising:
- a server to host an application under test (AUT), wherein the server includes a runtime agent; and
  
  a computing device communicatively coupled to the AUT including a security test engine and a patch engine, the security test engine to;
  
  perform an dynamic security analysis on the AUT to determine a vulnerability, wherein the dynamic security analysis also includes a communication to the runtime agent to trace information in the dynamic security analysis; and
  
  the patch engine to;
  
  provide a vulnerability solution recommendation for the vulnerability;
  
  receive input selecting the vulnerability solution recommendation; and
  
  generate a point-wise protection based on the input capable of being implemented using a second runtime agent to alleviate the vulnerability.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1,wherein implementation of the point-wise protection includes adding a security check.
  - 3. The system of claim 2,wherein if the security check is failed, a security action is taken via the second runtime agent.
  - 4. The system of claim 1, further comprising:
    - a second server to host a second application of a same version as the AUT and using the second runtime agent;
      
      wherein the computing system is further to provide the second server with the point-wise protection; and
      
      wherein the second runtime agent is to implement the point-wise protection.
  - 5. The system of claim 4,wherein implementation of the point-wise protection causes the second runtime agent to execute the point-wise protection when a point of the code of the second application is reached, and wherein the point of code is determined based on the trace information.
  - 6. The system of claim 1, wherein the trace information includes a point of code of the AUT associated with the vulnerability and the security test engine further provides a stack trace.
  - 7. The system of claim 6, wherein the stack trace includes a set of active stack frames of the AUT when the vulnerability occurred.

8. A non-transitory machine-readable storage medium storing instructions that, if executed by at least one processor of a computing system, cause the computing system to:
- perform a dynamic security analysis test on an application under test (AUT) to determine at least one vulnerability, wherein the security analysis test includes communication with a runtime agent executing with the AUT to receive trace information of the AUT;
  
  classify the at least one vulnerability;
  
  provide at least one vulnerability solution recommendation for the classified at least one vulnerability;
  
  receive a selection of one of the at least one vulnerability solution recommendation; and
  
  generate a point-wise protection based on the selection, wherein the point-wise protection is capable of being implemented by a second application using a second runtime agent.
- View Dependent Claims (9, 10, 11)
- - 9. The non-transitory machine-readable storage medium of claim 8, wherein the second application is of a same version as the AUT, and wherein the point-wise protection causes the second runtime agent to execute the point-wise protection when a point of code of the second application is reached.
  - 10. The non-transitory machine-readable storage medium of claim 9, wherein the point of the code is determined based on the trace information.
  - 11. The non-transitory machine-readable storage medium of claim 8, wherein trace information includes a stack trace that includes a set of active stack frames of the AUT when the vulnerability occurred.

12. A method comprising:
- performing a dynamic security analysis test on an application under test (AUT) to determine a vulnerability, wherein the dynamic security analysis test includes communication with a runtime agent executing with the AUT to receive trace information of the AUT, wherein the trace information includes at least one location of code of the AUT;
  
  providing at least one vulnerability solution recommendation for the vulnerability;
  
  receiving a selection of one of the at least one vulnerability solution recommendation; and
  
  generating a point-wise protection based on the selection, wherein the point-wise protection is capable of being implemented by a second application using a second runtime agent.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, further comprising:
    - receiving, by the runtime agent, a trace request during the security test;
      
      monitoring, by the runtime agent, execution of the AUT to determine the trace information; and
      
      sending the trace information to a security test engine performing the security test.
  - 14. The method of claim 13, wherein the trace information includes a stack trace that includes a set of active stack frames of the AUT when the vulnerability occurred, the method further comprising:
    - classifying, by the security test engine, the vulnerability; and
      
      looking up the at least one possible patch option from a data structure based on the classification.
  - 15. The method of claim 12,wherein implementation of the point-wise protection includes adding a security check, andwherein if the security check is failed, a security action is taken via the second runtime agent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Madou, Matias, SECHMAN, Ronald J., NG MING SUM, Sam

Granted Patent

US 10,587,641 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

POINT-WISE PROTECTION OF APPLICATION USING RUNTIME AGENT AND DYNAMIC SECURITY ANALYSIS

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

POINT-WISE PROTECTION OF APPLICATION USING RUNTIME AGENT AND DYNAMIC SECURITY ANALYSIS

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others