Architecture for automated detection and analysis of security issues
Abstract
Systems, methods, and/or techniques (“tools”) that relate to an architecture for automated detection and analysis of security issues are described herein. One aspect of the tools provides a watchdog application that generates fuzzing signals that enable or disable fuzzing of test cases that are to be received by the watchdog application. The watchdog application also receives notifications of test cases that are to be executed on a system under test with which the watchdog application is associated. Finally, the watchdog application monitors the system under test when it is executing the test case.
17 Claims
1. A method implemented at least in part by a computing device comprising:
- disabling fuzzing for at least one test case to be run against at least one system under test;
- receiving at least one notification of at least one non-fuzzed test case to be run against the system under test;
- establishing a baseline profile indicating performance of the system under test when processing the non-fuzzed test case;
- enabling fuzzing for at least one fuzzed test case to be run against the system under test;
- receiving notification of the fuzzed test case;
- running at least one fuzzed test case against the system under test;
- monitoring the system under test when the system under test is processing the fuzzed test case;
- monitoring the system under test for one or more security flaws;
- detecting whether the system under test contains one or more security flaws; and
- in response to the detection of one or more security flaws, assigning a criticality level to the one or more security flaws.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method implemented at least in part by a computing device comprising:
- enabling fuzzing for at least one fuzzed test case to be run against a system under test;
- receiving notification of the fuzzed test case;
- running at least one fuzzed test case against the system under test;
- correlating performance of the system under test when processing the fuzzed test case to the notification of the fuzzed test case;
- monitoring the system under test when the system under test is processing the fuzzed test case;
- capturing system statistics from the system under test at a beginning of a test case;
- capturing system statistics from the system under test while processing the test case;
- capturing system statistics from the system under test at an end of the test case; and
- evaluating the system statistics.

Dependent claims: 10, 11, 12, 13

14. One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising:
- generating at least one fuzzing signal that enables or disables fuzzing of test cases to be received by a watchdog application;
- receiving at least one notification of at least one test case that is to be executed on a system under test that is associated with the watchdog application;
- monitoring the system under test when executing the test case;
- establishing a baseline performance profile for the system under test;
- reporting a deviation from the baseline performance profile; and
- wherein the act of reporting a deviation includes reporting at least one of the following;
  - writing of personally identifiable information by the system under test;
  - excessive write operations performed by the system under test;
  - a successful local cross site scripting attack on the system under test; and
  - unauthorized directory accesses by the system under test.

Dependent claims: 15, 16, 17

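The watchdog flow described in claims 1, 9 and 14, as an added Python example that is not code from the patent: a non-fuzzed run establishes the baseline, then a fuzzed run's begin/during/end statistics are evaluated against it and each deviation is given a criticality level. The `Snapshot` fields, the 3x write threshold, the allowed directory, the test-case names and the medium/high labels are assumptions; the claims specify none of them.

```python
from dataclasses import dataclass, field

# Assumed values: the claims name no thresholds, paths or criticality labels.
WRITE_FACTOR = 3
ALLOWED_DIRS = ("/tmp/sut/",)

@dataclass
class Snapshot:
    """Statistics captured from the system under test at one point of a test case."""
    writes: int          # cumulative write operations so far
    dirs: tuple = ()     # directories accessed so far

@dataclass
class Watchdog:
    fuzzing: bool = False
    baseline: dict = None
    findings: list = field(default_factory=list)

    def signal(self, enabled):
        """Fuzzing signal: enables or disables fuzzing of the test cases that follow."""
        self.fuzzing = enabled

    def run(self, test_id, begin, during, end):
        """Handle one test-case notification and its begin/during/end snapshots."""
        writes = end.writes - begin.writes
        dirs = set(begin.dirs) | set(during.dirs) | set(end.dirs)
        if not self.fuzzing:                      # non-fuzzed run sets the baseline
            self.baseline = {"writes": writes, "dirs": dirs}
            return []
        if self.baseline is None:
            raise RuntimeError("no baseline: run a non-fuzzed test case first")
        found = []                                # deviations, keyed to the test id
        if writes > WRITE_FACTOR * max(self.baseline["writes"], 1):
            found.append((test_id, "excessive write operations", "medium"))
        for d in sorted(dirs - self.baseline["dirs"]):
            if not d.startswith(ALLOWED_DIRS):
                found.append((test_id, f"unauthorized directory access: {d}", "high"))
        self.findings += found
        return found

def demo():
    """Constructed statistics: one non-fuzzed run, then one fuzzed run."""
    wd = Watchdog()
    wd.signal(False)
    wd.run("tc-1", Snapshot(0), Snapshot(4, ("/tmp/sut/",)), Snapshot(10, ("/tmp/sut/",)))
    wd.signal(True)
    return wd.run("tc-1-fuzz", Snapshot(10), Snapshot(200, ("/tmp/sut/",)),
                  Snapshot(410, ("/tmp/sut/", "/etc/")))
```

Tying each finding to the test-case id is what lets a deviation be traced back to the fuzzed input that caused it.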
Specification