Pinpointing security vulnerabilities in computer software applications

US 8,510,842 B2
Filed: 04/13/2011
Issued: 08/13/2013
Est. Priority Date: 04/13/2011
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

one or more processors;

one or more storage mediums storing program instructions executable by the one or more processors;

a scan manager, comprising at least a portion of the program instructions, configured to set a debugging breakpoint within a computer software application proximate to an instruction that is correlated with an attack;

a black-box tester, comprising at least a portion of the program instructions, configured to perform the attack on the computer software application during execution of the computer software application in a debugging mode; and

a debugger, comprising at least a portion of the program instructions, configured tohalt the execution of the computer software application in the debugging mode when the attack triggers the debugging breakpoint, anddisplay the instruction on a computer display within the context of an interactive debugging session.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A build process management system can acquire data pertaining to a software build process that is currently being executed by an automated software build system. The software build process can include executable process steps, metadata, and/or environmental parameter values. An executable process step can utilize a build artifact, representing an electronic document that supports the software build process. The acquired data can then be synthesized into an immutable baseline build process and associated baseline artifact library. The baseline artifact library can store copies of the build artifacts. The immutable baseline build process can include baseline objects that represent data values and dependencies indicated in the software build process. In response to a user-specified command, an operation can be performed upon the baseline build process and associated baseline artifact library.

Citations

12 Claims

1. A system comprising:
- one or more processors;
  
  one or more storage mediums storing program instructions executable by the one or more processors;
  
  a scan manager, comprising at least a portion of the program instructions, configured to set a debugging breakpoint within a computer software application proximate to an instruction that is correlated with an attack;
  
  a black-box tester, comprising at least a portion of the program instructions, configured to perform the attack on the computer software application during execution of the computer software application in a debugging mode; and
  
  a debugger, comprising at least a portion of the program instructions, configured tohalt the execution of the computer software application in the debugging mode when the attack triggers the debugging breakpoint, anddisplay the instruction on a computer display within the context of an interactive debugging session.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system according to claim 1, wherein the scan manager is configured to correlate the instruction with the attack.
  - 3. The system according to claim 2 and further comprising a static analyzer configured to statically analyze the computer software application to identify the instruction as potentially representing a security vulnerability prior to the scan manager correlating the instruction with the attack.)
  - 4. The system according to claim 2 wherein the black-box tester is configured to perform the attack during execution of the computer software application the scan manager correlating the instruction with the attack.
  - 5. The system according to claim 4 wherein the black-box tester is configured to perform the attack wherein the attack is designed to test for a security vulnerability.
  - 6. The system according to claim 4 and further comprising an execution monitor configured to:
    - instrument the computer software application,monitor the computer software application during its execution in the debugging mode, anddetect where the attack occurs within the computer software application, thereby identifying the instruction.
  - 7. The system according to claim 1 wherein the debugger is configured to:
    - display a description of the attack,display the instruction in the context of a listing of a plurality of instructions of the computer software application, andmake at least one execution environment value of the computer software application available for inspection.

8. A system for pinpointing security vulnerabilities in computer software applications, the system comprising:
- one or more processors;
  
  one or more storage mediums storing program instructions executable by the one or more processors;
  
  a black-box tester, comprising at least a portion of the program instructions, configured toperform an attack on a computer software application during execution of the computer software application, wherein the attack is designed to test for a security vulnerability, andperform the attack again on the computer software application during execution of the computer software application in a debugging mode;
  
  a scan manager configured tocorrelate the attack with an instruction within the computer software application, andset a debugging breakpoint within the computer software application proximate to the instruction; and
  
  a debugger configured tohalt the execution of the computer software application in the debugging mode when the attack triggers the debugging breakpoint,display the instruction and a description of the attack on a computerdisplay within the context of an interactive debugging session, andmake at least one execution environment value of the computer software application available for inspection.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The system according to claim 8 and further comprising a static analyzer configured to statically analyze the computer software application to identify the instruction as potentially representing a security vulnerability prior to the scan manager correlating the instruction with the attack.
  - 10. The system according to claim 8 and further comprising an execution monitor configured toinstrument the computer software application,monitor the computer software application during its execution in the debugging mode, anddetect where the attack occurs within the computer software application, thereby identifying the instruction.
  - 11. The system according to claim 8 wherein the debugger is configured to:
    - display a description of the attack; and
      
      display the instruction in the context of a listing of a plurality of instructions of the computer software application.
  - 12. The system according to claim 8, wherein the system further comprises:
    - at least one processor; and
      
      at least one computer-readable storage medium, wherein the black box tester, the scan manager, and the debugger each comprise computer program instructions stored in the at least one storage medium, wherein the computer program instructions are executed by at least one processor when the system is running.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Finjan Blue, Inc. (FIG LLC (d/b/a Fortress Investment Group LLC))
Original Assignee
International Business Machines Corporation
Inventors
Amit, Yair, Hay, Roee, Saltzman, Roi, Sharabani, Adi
Primary Examiner(s)
MOORTHY, ARAVIND K

Application Number

US13/085,902
Publication Number

US 20120266246A1
Time in Patent Office

853 Days
Field of Search

726/25, 713187-189, 717/124, 717/126, 717/127, 717/129
US Class Current

726/25
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/55   Detecting local intrusion o...

G06F 2221/033   Test or assess software

Pinpointing security vulnerabilities in computer software applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Pinpointing security vulnerabilities in computer software applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links