Verifying application security vulnerabilities
First Claim
1. A computer-implemented process for verifying application security vulnerabilities, the computer-implemented process comprising:
- receiving a source code to analyze;
- performing a static analysis using the received source code;
- generating a vulnerability call trace for the received source code;
- determining whether all static analysis results are validated;
- responsive to a determination that all static analysis results are not validated, generating mock objects using the vulnerability call trace;
- creating a unit test using the generated mock objects;
- executing, using a processor, the unit test using the generated mock objects;
- determining, using the processor, whether an identified vulnerability was validated;
- responsive to a determination that an identified vulnerability was validated, selecting a next static analysis result; and
- responsive to a determination that all static analysis results are validated, reporting results and computed unit tests.
Abstract
Verifying application security vulnerabilities includes receiving a source code to analyze, performing a static analysis using the received source code, and generating a vulnerability call trace for the received source code. Responsive to a determination that all static analysis results are not validated, mock objects are generated using the vulnerability call trace and a unit test is created using the generated mock objects. The unit test is executed using the generated mock objects and, responsive to a determination that an identified vulnerability was validated, a next static analysis result is selected. Responsive to a determination that all static analysis results are validated, results and computed unit tests are reported.
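The procedure of claim 1 and the abstract, as an added example that is not part of the patent: each static-analysis finding carries its vulnerability call trace, a mock object replaces the taint source at the head of the trace, a spy wraps the sink at its tail, and a generated unit test decides whether the flow is validated. The target application (`get_param`, `escape`, `build_query`, the two `lookup_*` entry points), the findings and the `MARKER` probe value are all constructed for illustration.

```python
import io
import unittest
from unittest import mock

# Constructed target application: two paths into the same SQL sink, one sanitized.
def get_param(request, name):      # taint source (entry-point input)
    return request[name]
def escape(value):                 # sanitizer present only on the safe path
    return value.replace("'", "''")
def build_query(value):            # sink: SQL built by string concatenation
    return "SELECT * FROM users WHERE name = '" + value + "'"
def lookup_unsafe(request):        # trace: get_param -> build_query
    return build_query(get_param(request, "name"))
def lookup_safe(request):          # trace: get_param -> escape -> build_query
    return build_query(escape(get_param(request, "name")))

# Constructed static-analysis results, each carrying its vulnerability call trace.
FINDINGS = [
    {"id": "SA-1", "entry": lookup_unsafe, "trace": ["get_param", "build_query"]},
    {"id": "SA-2", "entry": lookup_safe, "trace": ["get_param", "escape", "build_query"]},
]
MARKER = "x' OR '1'='1"            # constructed probe; reaching the sink intact confirms the flow

def make_unit_test(finding):
    """Generate a unit test from the call trace: a mock replaces the taint source
    (first function in the trace) so it returns MARKER, a spy wraps the sink (last
    function), and the test asserts MARKER arrives at the sink unchanged."""
    source, sink = finding["trace"][0], finding["trace"][-1]
    real_sink = globals()[sink]
    class GeneratedTest(unittest.TestCase):
        def test_vulnerability_reproduces(self):
            spy = mock.Mock(wraps=real_sink)
            # patch.dict swaps the mocks into the module globals the traced functions resolve
            with mock.patch.dict(globals(), {source: mock.Mock(return_value=MARKER), sink: spy}):
                finding["entry"]({})   # request contents are irrelevant: the source is mocked
            spy.assert_called_once()
            self.assertIn(MARKER, spy.call_args.args[0])
    return GeneratedTest

def validate_findings(findings):
    """The loop of claim 1: for each result not yet validated, generate mocks, create and
    run the unit test, record the verdict, select the next result; then report all of it."""
    report = []
    for finding in findings:
        test_case = make_unit_test(finding)
        suite = unittest.defaultTestLoader.loadTestsFromTestCase(test_case)
        outcome = unittest.TextTestRunner(stream=io.StringIO()).run(suite)
        report.append({"id": finding["id"], "trace": " -> ".join(finding["trace"]),
                       "validated": outcome.wasSuccessful()})
    return report
```

A passing generated test means the static finding reproduces dynamically (SA-1); a failing one marks a likely false positive, here because the sanitizer on the SA-2 path alters the probe before it reaches the sink.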
20 Claims
1. Claim 1 is reproduced in full above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7.
8. A computer program product for verifying application security vulnerabilities, the computer program product comprising:
- a computer recordable storage medium containing computer executable program code stored thereon, the computer executable program code comprising:
- computer executable program code for receiving a source code to analyze;
- computer executable program code for performing a static analysis using the received source code;
- computer executable program code for generating a vulnerability call trace for the received source code;
- computer executable program code for determining whether all static analysis results are validated;
- computer executable program code responsive to a determination that all static analysis results are not validated, for generating mock objects using the vulnerability call trace;
- computer executable program code for creating a unit test using the generated mock objects;
- computer executable program code for executing the unit test using the generated mock objects;
- computer executable program code for determining whether an identified vulnerability was validated;
- computer executable program code responsive to a determination that an identified vulnerability was validated, for selecting a next static analysis result; and
- computer executable program code responsive to a determination that all static analysis results are validated, for reporting results and computed unit tests.

Dependent claims: 9, 10, 11, 12, 13, 14.
15. An apparatus for verifying application security vulnerabilities, the apparatus comprising:
- a communications fabric;
- a memory connected to the communications fabric, wherein the memory contains computer executable program code;
- a communications unit connected to the communications fabric;
- an input/output unit connected to the communications fabric; and
- a processor unit connected to the communications fabric, wherein the processor unit executes the computer executable program code to direct the apparatus to:
  - receive a source code to analyze;
  - perform a static analysis using the received source code;
  - generate a vulnerability call trace for the received source code;
  - determine whether all static analysis results are validated;
  - responsive to a determination that all static analysis results are not validated, generate mock objects using the vulnerability call trace;
  - create a unit test using the generated mock objects;
  - execute the unit test using the generated mock objects;
  - determine whether an identified vulnerability was validated;
  - responsive to a determination that an identified vulnerability was validated, select a next static analysis result; and
  - responsive to a determination that all static analysis results are validated, report results and computed unit tests.

Dependent claims: 16, 17, 18, 19, 20.