43 results about "Software Security Vulnerability" patented technology

Security analysis and vulnerability testing results are “packaged” or “bound to” the actual software it describes. By linking the results to the software itself, downstream users of the software can access information about the software, make informed decisions about implementation of the software, and analyze the security risk across an entire system by accessing all (or most) of the reports associated with the executables running on the system and summarizing the risks identified in the reports.

Security analysis and vulnerability testing results are “packaged” or “bound to” the actual software it describes. By linking the results to the software itself, downstream users of the software can access information about the software, make informed decisions about implementation of the software, and analyze the security risk across an entire system by accessing all (or most) of the reports associated with the executables running on the system and summarizing the risks identified in the reports.

The invention discloses a source code-oriented bipolar software security vulnerability graph construction method, solving the problems of single vulnerability feature, lack of semantic information andlow vulnerability mining precision in a current vulnerability graph model. The technical scheme includes the steps: obtaining vulnerability source codes through crawlers; preprocessing the vulnerability source codes; carrying out data analysis and extraction, including feature extraction, entity extraction and relationship extraction; constructing a vulnerability graph, including taking the sub-graph as a basic unit of the vulnerability graph, and visualizing and storing the vulnerability graph; and performing vulnerability graph optimization: removing a large amount of redundant informationby pruning the sub-graph to achieve vulnerability graph optimization. According to the vulnerability graph constructed by the invention, the forward and reverse characteristics of the vulnerability are displayed at the same time through comparison; the complex relation among the characteristic items is embodied; existing semantic structure information is enriched; a reliable basis is provided forresearch of vulnerability causes; vulnerability mining precision is improved; system software safety is guaranteed; and the vulnerability graph is used for computer security vulnerability mining and management.

A computer program can be statically analyzed to determine an order in which client side workflows are intended to be implemented by the computer program. A virtual patch can be generated. When executed by a processor, the virtual patch can track web service calls from a client to the computer program, and determine whether the order of the web service calls from the client to the computer program correlate to the order in which client side workflows are intended to be implemented by the computer program. If the order of the web service calls from the client to the computer program do not correlate to the order in which client side workflows are intended to be implemented by the computer program, an alert can be generated.

The invention discloses a method for detecting a security hole of application software. The method comprises the steps of compiling the application software into a preset intermediate language code text; acquiring a data association structure of the application software according to the code text; reversibly finding out an external input point corresponding to a sensitive calling point according to a variable parameter of the sensitive calling point and the data association structure in the application software; and if the external input point corresponding to the sensitive calling point is successfully found out, determining the external input point as the security hole of the application software. The invention also discloses a system for detecting the security hole of the application software. According to the method and the system, the detection efficiency for the security hole of the application software is greatly improved.

The invention discloses a method for detecting security flaws of software source codes. The method comprises the following steps: establishing an abstract syntax tree AST corresponding to source codesof software to be detected; determining controllable points and risk points of each node of the established AST according to predefined controllable points and risk points; and searching an executionpath between the controllable points and the risk points in the AST, and if the risk points on the execution path can be controlled by the controllable points on the execution path, the execution path is determined as a potential risk execution path probably causing the security flaws. The invention also discloses a device for detecting the security flaws of the software. The method and the device can effectively detect the security flaws existing in the source codes of the software.