Detection of vulnerabilities in computer systems

US 9,268,945 B2
Filed: 02/11/2014
Issued: 02/23/2016
Est. Priority Date: 03/19/2010
Status: Active Grant

First Claim

Patent Images

1. A method for detecting a presence of at least one vulnerability in an application, the method comprising:

modifying instructions of the application to include at least one monitor adapted to generate an action snapshot of an action performed by the application when executed by one or more processors, wherein the action snapshot includes at least some data associated with the action;

storing the action snapshot with other stored action snapshots generated by the at least one monitor during the execution of the application when respective actions were performed by the application;

analyzing, from within the application and while the application is running, the stored action snapshots;

detecting the presence of at least one vulnerability in the application based on the analysis of the stored action snapshots, each of the at least one vulnerability is a pattern of application execution that is subject to abuse by a user of the application when the application is being executed by the same one or more processors; and

reporting the presence of at least one vulnerability in the application as detected based on the analysis of the stored action snapshots.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and apparatus, including computer program products, for detecting a presence of at least one vulnerability in an application. The method is provided that includes modifying instructions of the application to include at least one sensor that is configurable to generate an event indicator, wherein the event indicator includes at least some data associated with the event; storing the event indicator with other stored event indicators generated by the at least one sensor during the execution of the application; analyzing the stored event indicators; detecting a presence of at least one vulnerability in the application based on the analysis of the stored event indicators; and reporting the presence of at least one vulnerability.

Citations

20 Claims

1. A method for detecting a presence of at least one vulnerability in an application, the method comprising:
- modifying instructions of the application to include at least one monitor adapted to generate an action snapshot of an action performed by the application when executed by one or more processors, wherein the action snapshot includes at least some data associated with the action;
  
  storing the action snapshot with other stored action snapshots generated by the at least one monitor during the execution of the application when respective actions were performed by the application;
  
  analyzing, from within the application and while the application is running, the stored action snapshots;
  
  detecting the presence of at least one vulnerability in the application based on the analysis of the stored action snapshots, each of the at least one vulnerability is a pattern of application execution that is subject to abuse by a user of the application when the application is being executed by the same one or more processors; and
  
  reporting the presence of at least one vulnerability in the application as detected based on the analysis of the stored action snapshots.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, further comprising:
    - reducing the performance impact of monitoring by configuring the at least one monitor in such a way that application execution paths are monitored the first time they are executed but not each time they are executed thereafter.
  - 3. The method of claim 1, further comprising:
    - caching the modified instructions of the application in such a way that the at least one monitor can be applied more quickly to the application than other monitors.
  - 4. The method of claim 1, wherein the modifying the instructions of the application snapshots further includes at least one monitor adapted to generate an action snapshot of an action selected based on the action snapshots generated by other monitors.
  - 5. The method of claim 1, wherein the analyzing the at least one action snapshot further comprises:
    - tracking properties of the data in the at least one action snapshot using at least one tag assigned to at least one part of said data.
  - 6. The method of claim 1, wherein the analyzing the stored application snapshots further comprises:
    - analyzing stored application snapshots generated from more than one application.
  - 7. The method of claim 1 wherein the analyzing the stored application snapshots further comprises:
    - identifying previously identified vulnerabilities that share execution paths with at least one action snapshot to determine if said vulnerabilities are no longer present in the application.
  - 8. The method of claim 1, wherein the detecting the presence of at least one vulnerability further comprises:
    - detecting the presence of at least one publically known vulnerability in a component used in the application.
  - 9. The method of claim 1, wherein the at least one monitor is adapted to create action snapshots based on the data in HTTP requests and responses that are either received or transmitted by the running application.
  - 10. The method of claim 1, wherein the at least one monitor is adapted to create action snapshots based on configuration information for the application.
  - 11. The method of claim 1, wherein the at least one monitor is adapted to create action snapshots containing source code or decompiled binary code for the running application.
  - 12. The method of claim 1, wherein the modifying the instructions of the application snapshots further includes at least one monitor adapted to generate an action snapshot of an action selected by testing and analyzing the runtime behavior of a run-time library or run time component.
  - 13. The method of claim 1, further comprising:
    - generating a visual representation of the security architecture of the application based on the analysis of stored action snapshots.
  - 14. The method of claim 1, wherein the reporting the presence of at least one vulnerability further includes:
    - reporting the execution paths in the application that have and have not been executed, thus revealing which portions of code have not been monitored for vulnerabilities.
  - 15. The method of claim 1, wherein the reporting the presence of at least one vulnerability further includes reporting a web application firewall rule designed to remediate said vulnerability.
  - 16. The method of claim 1, wherein the reporting the presence of at least one injection vulnerability further includes:
    - reporting the appropriate encoding scheme to remediate said injection vulnerability based on the contextual data in at least one action snapshot.
  - 17. The method of claim 1, wherein the reporting the presence of at least one vulnerability further includes:
    - reporting remediation advice tailored to the specific application on the basis of other action snapshots.
  - 18. The method of claim 1, wherein the reporting the presence of at least one vulnerability further includes reporting a code required to patch a vulnerability.
  - 19. The method of claim 1, wherein the modifying the instructions of the application further comprises:
    - dynamically patching a code segment at a run-time of the application.
  - 20. The method of claim 19, wherein the code segment to be patched is a software component or library that is a part of the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Contrast Security, LLC
Original Assignee
Contrast Security, LLC
Inventors
Williams, Jeffrey, Dabirsiaghi, Arshan
Primary Examiner(s)
Su, Sarah

Application Number

US14/177,628
Publication Number

US 20140165204A1
Time in Patent Office

742 Days
Field of Search

726/25, 726/22, 713/189
US Class Current

1/1
CPC Class Codes

G06F 21/54   by adding security routines...

G06F 21/55   Detecting local intrusion o...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/02   for separating internal fro...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

Detection of vulnerabilities in computer systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Detection of vulnerabilities in computer systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links