Automated SDK ingestion

US 9,805,202 B2
Filed: 11/13/2014
Issued: 10/31/2017
Est. Priority Date: 11/13/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for parsing software development kit interfaces to obtain customer usage, comprising:

under the control of one or more computer systems configured with executable instructions,loading a library to a security platform, wherein the library is an interface to a remote application programming interface (“

API”

);

generating a top-level object of the API;

executing initial function calls against the interface to retrieve reference names of methods for the top-level object, wherein a reference name of a retrieved method is a name useable for specifying a future call to a particular function;

recursively executing subsequent function calls against the interface using the reference names;

recursively retrieving data from methods of the executed subsequent function calls using previously retrieved reference names; and

storing retrieved data in a data store.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an assessment or audit of a computer system, an auditing subsystem will parse software development kit (“SDK”) interfaces and obtain customer usage, configuration and security information by applying requests for information to the application programming interfaces provided by the SDK interfaces.

29 Citations

View as Search Results

23 Claims

1. A computer-implemented method for parsing software development kit interfaces to obtain customer usage, comprising:
- under the control of one or more computer systems configured with executable instructions,loading a library to a security platform, wherein the library is an interface to a remote application programming interface (“
  
  API”
  
  );
  
  generating a top-level object of the API;
  
  executing initial function calls against the interface to retrieve reference names of methods for the top-level object, wherein a reference name of a retrieved method is a name useable for specifying a future call to a particular function;
  
  recursively executing subsequent function calls against the interface using the reference names;
  
  recursively retrieving data from methods of the executed subsequent function calls using previously retrieved reference names; and
  
  storing retrieved data in a data store.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, wherein the recursively executing is performed until a predetermined object is retrieved.
  - 3. The computer-implemented method of claim 1, further comprising:
    - detecting a last object based on the top-level object; and
      
      completing the recursive retrieving based at least in part on the detected last object.
  - 4. The computer-implemented method of claim 1, wherein the remote application programming interface is an application programming interface for a cloud infrastructure service.
  - 5. The computer-implemented method of claim 1, wherein the top-level object includes access credentials configured to connect with a remote endpoint and wherein the access credentials are used in executing the initial function calls against the interface and the subsequent function calls against the interface.
  - 6. The computer-implemented method of claim 1, further comprising recursively retrieving data from method of the initial function calls.

7. A system, comprising at least one computing device configured to implement one or more services, wherein the one or more services are configured to:
- load a library, wherein the library is an interface to a remote application programming interface (“
  
  API”
  
  );
  
  generate a top-level object;
  
  execute at least one call against the interface to retrieve names of methods for the top-level object, wherein a retrieved name of a retrieved method is useable for specifying a future call to a particular function;
  
  filter the retrieved names of the methods, wherein the filtering includes removing the retrieved names of the methods when the call may be unsafe;
  
  execute each method of the retrieved methods using the retrieved names of the retrieved methods, wherein executing each method returns a set of data related to each method; and
  
  store the set of data in a data store.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The system of claim 7, wherein an unsafe call may include a call that, if executed, would change, alter, modify, or delete data related to an object associated with the call.
  - 9. The system of claim 7, wherein each method is executed in an order, the order including executing a first method, retrieving data associated with the executed first method, and executing a second method.
  - 10. The system of claim 7, wherein the set of data comprises a representation of data stored on a remote endpoint of the application programming interface.
  - 11. The system of claim 7, wherein the one or more services are further configured to retrieve metadata related to the top-level object and at least one additional object.
  - 12. The system of claim 7, wherein the remote application programming interface is an application programming interface for a cloud infrastructure service.
  - 13. The system of claim 7, wherein the one or more services are further configured to perform a security risk assessment based at least in part on the set of data.
  - 14. The system of claim 7, wherein the top-level object includes access keys associated with a customer of the remote API, wherein the access keys are configured to authenticate a communication channel with a remote endpoint.
  - 15. The system of claim 14, wherein the access keys associated with the customer of the remote application programming interface include a temporary security credential, the temporary security credential including an access key identifier, a secret access key, and a session token.

16. A non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
- load a library, wherein the library is an interface to a remote application programming interface (“
  
  API”
  
  );
  
  create a first object execute an initial call to retrieve names of methods for the first object;
  
  execute each method of the retrieved methods, wherein executing each method returns a set of data related to each method, wherein a retrieved name of a retrieved method is useable for specifying a future call to a particular function;
  
  receive multiple objects in response to executing each method;
  
  retrieve data associated with each of the multiple objects, wherein retrieving the data associated with each of the multiple objects includes recursively executing a subsequent call for each method in the multiple objects using the retrieved names of the retrieved methods; and
  
  store the retrieved data.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The non-transitory computer-readable storage medium of claim 16, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to continuously monitor the remote application programming interface in real-time or near real-time.
  - 18. The non-transitory computer-readable storage medium of claim 16, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to scan security and/or configuration setting permutations for each object.
  - 19. The non-transitory computer-readable storage medium of claim 16, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to provide a graphical user interface output to display the retrieved data associated with the first object and the multiple objects.
  - 20. The non-transitory computer-readable storage medium of claim 16, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to apply a signature to the retrieved data.
  - 21. The non-transitory computer-readable storage medium of claim 20, wherein the instructions that cause the computer system to apply the signature to the retrieved data further include instructions that cause the computer system to provide an alert based at least in part on an outcome of the signature.
  - 22. The non-transitory computer-readable storage medium of claim 16, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to interpret the retrieved data according to a security rules analysis.
  - 23. The non-transitory computer-readable storage medium of claim 16, having stored thereon further executable instructions to process the first object including authentication credentials associated with a customer of the remote API, wherein the authentication credentials are configured to authenticate a communication channel with the remote API.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palo Alto Networks Incorporated
Original Assignee
Evident.io, Inc. (Palo Alto Networks Incorporated)
Inventors
Medeiros, Claire, Lundy, Justin
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
Woldemariam, Nega

Application Number

US14/540,576
Publication Number

US 20150135287A1
Time in Patent Office

1,083 Days
Field of Search

726 2, 726 3, 726 4, 726 5, 726 6
US Class Current
CPC Class Codes

G06F 21/50 Monitoring users, programs ...

G06F 21/577 Assessing vulnerabilities a...

Automated SDK ingestion

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Automated SDK ingestion

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others